[thelist] authorize.net says md5 algorithm error prone

Kasimir K evolt at kasimir-k.fi
Sun Jun 5 05:38:24 CDT 2005


> Erik,
> 
> On 6/4/05, Erik Heerlein <erik at erikheerlein.com> wrote:
> 
>>Is the MD5hash worth using? Is it error prone or is authorize.net's
>>implementation of it that is error prone?
> 

Matt Warden wrote on 2005-06-04 23:44:
> One thing (although I could not confirm this with google): I believe
> the algorithm is not one-to-one. In other words, a given string will
> hash the same way every time, but a given hash could be the result of
> md5'ing more than one string. i.e., a collision.

It indeed is not one-to-one: "[The MD5 algorithm] takes as input a
message of arbitrary length and produces as output a 128-bit
"fingerprint" or "message digest" of the input" [0]

Obviously you can't expect to convert a terabyte file into 128 bits and 
to get it back intact...

> However, neither of these explains why authorize.net would send you an
> md5 hash that was incorrect. I suspect you were talking to a tech
> support dude(tte) who didn't quite know what he/she was talking about.

They might be talking about the collision problems, but not knowing what
exactly they said (and me not understanding the whole MD5 issue that
well), I can't be sure.

.k

[0] http://userpages.umbc.edu/~mabzug1/cs/md5/md5.html
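
The pigeonhole point discussed above, as an added example that is not part of the original post: a digest is deterministic, yet as soon as there are more inputs than possible outputs, two inputs must share one. The digest is truncated to a few bits here (an assumption, so the search finishes instantly); the function names and sample inputs are constructed for illustration.

```python
import hashlib
from itertools import count


def md5_prefix(data: bytes, bits: int) -> int:
    """Return the first `bits` bits of MD5(data) as an integer."""
    digest = hashlib.md5(data).digest()  # always 16 bytes = 128 bits
    return int.from_bytes(digest, "big") >> (128 - bits)


def is_deterministic(data: bytes, rounds: int = 1000) -> bool:
    """The same input hashes to the same digest every time."""
    first = hashlib.md5(data).hexdigest()
    return all(hashlib.md5(data).hexdigest() == first for _ in range(rounds))


def pigeonhole_forces_collision(bits: int = 8) -> bool:
    """Hash 2**bits + 1 distinct inputs into 2**bits possible prefixes.

    There are more inputs than outputs, so at least two inputs must share
    a prefix. The same counting argument applies to the full 128 bits:
    arbitrary-length input cannot map one-to-one onto a fixed-size output.
    """
    inputs = [b"constructed-input-%d" % i for i in range(2 ** bits + 1)]
    prefixes = {md5_prefix(m, bits) for m in inputs}
    return len(prefixes) < len(inputs)


def find_prefix_collision(bits: int = 24):
    """Search for two different inputs whose digests share the first `bits` bits."""
    seen = {}
    for i in count():
        msg = b"constructed-input-%d" % i
        key = md5_prefix(msg, bits)
        if key in seen:
            return seen[key], msg
        seen[key] = msg


if __name__ == "__main__":
    print("deterministic:", is_deterministic(b"same string"))
    print("collision forced at 8 bits:", pigeonhole_forces_collision(8))
    a, b = find_prefix_collision(24)
    print(a, hashlib.md5(a).hexdigest())
    print(b, hashlib.md5(b).hexdigest())
```

The two inputs printed at the end agree on the first 24 bits of their digests but differ in the rest, which is why the search has to be run on a truncated digest to finish quickly.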

