The Birthday Attack
The birthday attack is a statistical phenomenon relevant to information security that makes the brute forcing of one-way hashes easier. It’s based off of the birthday paradox, which states that in order for there to be a 50% chance that someone in a given room shares your birthday, you need 253 people in the room.
If, however, you are looking for a greater than 50% chance that any two people in the room have the same birthday, you only need 23 people.
This works because the matches are based on pairs. If I choose myself as one side of the pair, then I need a full 253 people to get to the magic number of 253 pairs. In other words, it’s me combined with 253 other people to make up all 253 sets.
But if I am only concerned with matches and not necessarily someone matching me, then we only need 23 people in the room . Why? Because it only takes 23 people to form 253 pairs when cross-matched with each other.
So the number 253 doesn’t change. That’s still the number of pairs required to reach a 50% chance of a birthday match within the room. The only question is whether each person is able to link with every other person. If so you only need 23 people; if not, and you’re comparing only to a single birthday, you need 253 people.
This applies to finding collisions in hashing algorithms because it’s much harder to find something that collides with a given hash than it is to find any two inputs that hash to the same value
Reference:
Hello,
ReplyDeleteYour article shows an excellent explanation about the birthday attack and I even went to the source of the article and read more about the birthday attack and I understand that the birthday attack is used to find the same hash value for two different inputs and reveal any mathematical weaknesses in a hashing algorithm.
Excellent job