http://boinc.banaan.org/hashclash/

HashClash explanation

MD5
MD5 is a hash-function which maps any message to a fixed number of 128 bits called the hash. This is done in such a manner that the following two problems are hard:
finding a collision: two messages with the same hash
finding a pre-image: for a given hash find a message that maps to that hash
Because of these properties MD5 is used commonly for the following purposes:
Integrity checking: to verify that a file did not change or was transmitted correctly
Digital signatures: a message is signed by signing its hash
MD5 was designed by Ron Rivest in 1991. It breaks each message into 512-bits blocks, and processes them seperately in a iterative way by using a function md5compress.
iv0 is a fixed value in MD5
iv1 = md5compress(iv0, block1)
iv2 = md5compress(iv1, block2)
....
The hash of a message is now the iv value calculated using the last block.
MD5 collisions
MD5 has been broken in August 2004 by a chinese research team consisting of Xiaoyun Wang, Dengguo Feng, Xuejia Lai and Hongbo Yu. They showed how to create a collision of two messages with the same hash. However these messages have a special form:
First blocks are equal, e.g. block1,...,block41.
Therefore both messages have the same value in iv1,...,iv41.
Two blocks that are generated completely random: block42 and block43. They depend on the specific value in iv41.
The messages differ in these two blocks, however these blocks are such that both have the same value iv43.
Last blocks are also equal, therefore all the values from iv43 till the last iv value, the hash, are equal.
Their attack creates collisions that are not easily to abuse. In real life you have to put the two colliding blocks, which are totally random nonsense, to some use. There are two examples where it has been done:
In digital certificates: the random blocks are put inside the public key.
However these certificates still have the same Name, Address, etc., so you can't fool anyone with it.
In digital documents: the random blocks are put inside a if-then-else construction.
In this construction each file contains both documents, however using the if-then-else either the first or the second is shown.
The first attack was done in about one hour on a high-performance IBM p690 cluster. Later reports show that attacks on a desktop pc with a Pentium4 1.7Ghz can be done in approx. 4 hours. Currently Marc has gained a substantial speedup of this attack. A report is in preparation.
Project HashClash
Using techniques from the attack from Wang et al., we are trying to find collisions which are more flexible. More concretely, we will allow the first blocks of two messages to be chosen at will. This attack is in ongoing research, however it is already clear that it requires large scale computational power. Therefore project HashClash was started. Currently you can join HashClash to help us in the first phase of this research, called 'MD5 Birthdaying'. It consists of finding a block with very specific properties, that will help us in later phases. Finding that block on a single Pentium4 3Ghz would take approx. 800 days of 24/7 continous running. We hope by combining the computational powers of many pc's to find this block much faster.
This project is intended as cryptographic research only. We intend to clarify the nature of the vulnerabilities in applications of MD5 that have been opened up by the collision finding methods of Wang et al. At a later stage we also intend to work on collision-finding for SHA-1.



--------------------------------------------------------------------------------

Return to HashClash main page


Copyright © 2006 M. Stevens

---

-----

for those that don't understand, or don't want to read thru the tech talk

hash-functions are used to ensure things, like a file is the same as the original (used by some clever download managers)

hash-fucntions are used quite a lot in crytography, and encryption systems, so it's important that they work properly (i.e. colisions are bad) and can't be easilly broken, this project is helping with that by finding faults which will hopefully bring about new and better hash methods :)

so looking large scale, if a project like rosetta has the potential to help cure many diseases
and CPDN has the potential to at least allow us to understand climate change, and have a definate answer

then hashclash could potentially improve the security field vastly by helping the development of better hash functions

---

Want to search the BOINC Wiki, BOINCstats, or various BOINC forums from within firefox? Try the BOINC related Firefox Search Engines

Project is closed to new members as of 3/13 due to server process issues.

---

Stewie: So, is there any tread left on the tires? Or at this point would it be like throwing a hot dog down a hallway?

Fox Sunday (US) at 9PM ET/PT

There are other projects besides Seti@Home?

Who woulda thunk?

---

There are other projects besides Seti@Home?

Who woulda thunk?

I have one BOINC host attached to 27 projects other than S@H (it is also connected to S@H).

---

BOINC WIKI

There are other projects besides Seti@Home?

Who woulda thunk?

I have one BOINC host attached to 27 projects other than S@H (it is also connected to S@H).

Giving your scheduler a good run?

;-)
Martin

---

See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)

There are other projects besides Seti@Home?

Who woulda thunk?

I have one BOINC host attached to 27 projects other than S@H (it is also connected to S@H).

Giving your scheduler a good run?

;-)
Martin

Of course.

---

BOINC WIKI

<http://setiathome.berkeley.edu/donate.php> <http://setiathome.berkeley.edu/donate.php> <http://setiathome.berkeley.edu/donate.php>

Dear Dick Miller,


Gentlemen,

I am so glad you asked-for a donation and support. I have been running Seti at home for about 15 years on my various computers. Regularly I have been required to upgrade, and upon doing so lost my account. You may not understand that as we allow Seti on our computers it runs in the background and does not require attention, accordingly it is not a surprise that we forget how we logged in, our member name and password, even our email accounts are changed.
I am presently running a version on my PC, which I find annoying with all the weenie graphics. I may not continue to do this much longer.
I have donated enormous amounts of cpu time to your/our project, since I have not found you user friendly, I will not donate money, and may shortly cut my number crunching for you due to the way the program is going. Maybe a little less weenie graphics and more math analysis is in order. BOINC STINKS- I HATE IT. At least three times I lost my log of time contributed–which is annoying as well.

Good-bye and good luck, and thanks for asking,

Richard M. Miller

---

Mr. Miller, Perhaps if you describe the difficulty you've been experiencing we could fix any issues you have. I don't know which "weenie graphics" you're talking about. Installing as a service may be the right choice for you, since there'd be NO graphics of any kind (unless you open the manager). Boinc is a multiproject platform. It incorporates many of the "third party" software that you used to have for classic. When additional options are given, additional complications occur. It's a balancing act between those wanting more options and people like you (presumably) wanting less options.

Describe your issues and see what we come up with?

tony

<http://setiathome.berkeley.edu/donate.php> <http://setiathome.berkeley.edu/donate.php> <http://setiathome.berkeley.edu/donate.php>

Dear Dick Miller,


Gentlemen,

I am so glad you asked-for a donation and support. I have been running Seti at home for about 15 years on my various computers. Regularly I have been required to upgrade, and upon doing so lost my account. You may not understand that as we allow Seti on our computers it runs in the background and does not require attention, accordingly it is not a surprise that we forget how we logged in, our member name and password, even our email accounts are changed.
I am presently running a version on my PC, which I find annoying with all the weenie graphics. I may not continue to do this much longer.
I have donated enormous amounts of cpu time to your/our project, since I have not found you user friendly, I will not donate money, and may shortly cut my number crunching for you due to the way the program is going. Maybe a little less weenie graphics and more math analysis is in order. BOINC STINKS- I HATE IT. At least three times I lost my log of time contributed–which is annoying as well.

Good-bye and good luck, and thanks for asking,

Richard M. Miller

15 years,LOL,LOL,LOL. So you are saying that you ran seti 8 years before Dave even designed the software. Can I borrow your time machine! And you don't have to see the graphics unless you choose to do so. Have you ever thought about saving your info on another medium such as floppy, tape or cd or even on another drive/partition so that you don't lose it!

Also with only 298 credits I would say that you did not give it a fair chance.

---

98SE XP2500+ @ 2.1 GHz Boinc v5.8.8

And God said"Let there be light."But then the program crashed because he was trying to access the 'light' property of a NULL universe pointer.

Can I borrow your time machine!

Can I have a go at that time machine too maybe win the lottery a few times over then as well

---

Join us in Chat (see the forum) Click the Sig


Join UBT

<http://setiathome.berkeley.edu/donate.php> <http://setiathome.berkeley.edu/donate.php> <http://setiathome.berkeley.edu/donate.php>

Dear Dick Miller,


Gentlemen,

I am so glad you asked-for a donation and support. I have been running Seti at home for about 15 years on my various computers. Regularly I have been required to upgrade, and upon doing so lost my account. You may not understand that as we allow Seti on our computers it runs in the background and does not require attention, accordingly it is not a surprise that we forget how we logged in, our member name and password, even our email accounts are changed.
I am presently running a version on my PC, which I find annoying with all the weenie graphics. I may not continue to do this much longer.
I have donated enormous amounts of cpu time to your/our project, since I have not found you user friendly, I will not donate money, and may shortly cut my number crunching for you due to the way the program is going. Maybe a little less weenie graphics and more math analysis is in order. BOINC STINKS- I HATE IT. At least three times I lost my log of time contributed–which is annoying as well.

Good-bye and good luck, and thanks for asking,

Richard M. Miller

15 years,LOL,LOL,LOL. So you are saying that you ran seti 8 years before Dave even designed the software. Can I borrow your time machine! And you don't have to see the graphics unless you choose to do so. Have you ever thought about saving your info on another medium such as floppy, tape or cd or even on another drive/partition so that you don't lose it!

Also with only 298 credits I would say that you did not give it a fair chance.

Well IMHO i don't get the point why "Mr. Miller" needs to tell us that he'll leave.

@Mr. Miller ... GO AWAY !

I dont't get the point why some still are replying to those post from guys that post that they don't like boinc etc...

It has been announced more than a year ago that s@h classic will be replaced with the boinc platform.

So why care ??? They allredy knew that this would happen ... leave them alone and igore those posts.

---

Join BOINC United now!

A few quotes from LHC.

"..I find it quite exciting to know that due to BOINC, we may get to crunch for projects that would have otherwise failed under the traditional DC model (one client & app per project)

innovations like BOINC allow people to do things that would otherwise have never been thought of. I see BOINC being the start of a huge leap forward for science, allowing projects to have their own "Grid" and achieve more accurate results at greater speed than ever."

"...As Chrulle has written here, other groups at CERN are now looking seriously at BOINC applications for their work."

"...there was a back-up plan in case the BOINC project did not work out, and they could have done the essentials of the LHC design in-house, but for more money and less precise predictions."

--------------------------------------------------------------------------------
From the BOINCSIMAP site:

More than 10.000 hosts and 5.000 users with credits: Its time to celebrate and to say thank you all that make this project running and beeing sucessful. During the last weeks you have calculated the similarities for more than 1 million protein sequences. Due to your effort we are soon up-to-date, which means that the sequence similarities are calculated for all protein sequences in SIMAP. But there are new sequences to come, both from the regular updates and from importing new databases into SIMAP. So the work will not stop. Additionally we are currently preparing a second application for BOINCSIMAP, which will calculate functional attributes of our protein sequences. This will help to expand our knowledge about the protein universe.

---