3

I have a question related to some old hashes like MD5 and SHA-1. Both of them are not very safe for sure, but is there any way to increase its output length? The output length of the MD5 is 32 hex digits or 16 bytes and I want to extend it to 18 bytes (for example).

Is it possible to abuse the standard algorithm this way? Are there any attacks for it? Some kind of value overflow?

I am Reverse Engineering one file and this could be very handy for understanding its workflow. The file itself uses CryptCreateHash function in C++ for hashing (if it is useful information)

Thank you.

Matthew Darens
  • 129
  • 2
  • 8

2 Answers2

2

No, not in a way you're probably asking about. The hash definition itself relies on a specific size of internal buffers and defines what is the size of the output. You can't extend MD5 output to be longer without making it... not MD5 anymore.

Typically you can "strenthen" a weak hash instead, by repeating the hashing and adding random prefixes to avoid possible rainbow tables. For example in PBKDF2, you can still use older hashes - but because you'd typically use a salt, a HMAC construct, and many hash iterations, it's much harder than the hash itself. For example I wouldn't feel unsafe about my password hashed with PBKDF2-HMAC-MD5 with enough iterations.

PBKDF2 is also a nice system for expanding existing hashes into larger outputs - similar to what you're asking about.

viraptor
  • 33,322
  • 10
  • 107
  • 191
  • Thank you for answering! I am asking this not for "strenthen" and I know about this way (but still thanks for explanation). I was curious for this and was looking for some hash vulnerabilities that I don't know yet. – Matthew Darens Nov 17 '19 at 08:59
0

Safe is relative, using MD5 for determining if any files in your application need an update for example (i.e Steam Verify Cache) is completely acceptable. Generally speaking it is never a good idea to modify cryptographic standards, particularly if it's not your expertise. You can use some custom encryption like rolling xor key and then MD5 that for some additional masking. I'm a bit confused about why you're asking about this though in relation to reversing a binary that uses CryptCreateHash.

Pickle Rick
  • 808
  • 3
  • 6
  • Yeah, sorry if it sound confusing. The point is that I am not trying to create anything new in case of modifying the MD5 and etc. I'm trying to find the way to break the MD5 final output. For me it can lead to some overflow issues for the file I am reversing (and that is what I am looking for). It is already uses MD5 in the standard way and I can do nothing with it, but I can try to put some values to break it (if there any) – Matthew Darens Nov 17 '19 at 08:47