Re: MD5 collisions found - alternative?

[Almut Behrens <almut-behrens@gmx.net>]

On Wed, Aug 25, 2004 at 01:15:13AM -0400, Hubert Chan wrote:
> 
> Ah, but then using that definition of "oneway", every hash is oneway,
> since there must always be some hash value corresponding to two
> different input strings (assuming the input space is larger than the
> output space, which is generally the case).  Since every hash is oneway,
> this renders the term meaningless.  So the only useful notion of oneway
> is that the hash is not easily invertible (i.e. you can't easily find
> some string that produces a given hash value).

Okay, I guess I finally got it.  Thanks for the clarifications.
Let me just rephrase it in my own words to make sure my updated
understanding now matches the notion commonly held in cryptography
circles.  No need to respond unless you still find some flaws in it :)

So, if you can somehow come up with an input string (except by brute
force search), which computes to some given hash, that means you
inverted the function, and it's thus not oneway -- nothing more and
nothing less.  It has nothing to do with whether there exists some
theoretic backward mapping from output to input that would uniquely
retrieve the string originally used to compute the hash.

The crucial point here simply was my rather different conception of
invertability.  So, now, the addition operation I mentioned is clearly
_not_ oneway, in contrast to what I proclaimed originally ;)

Makes sense now -- and makes much of what's been said so far appear in
a different light. (And it hopefully explains some of the objections I
had, that presumably must have seemed a little weird to anyone with a
'cryptographic' mindset...)

Thanks again everyone for taking the time.