A case of mistaken (Kember) Identity
I just got pointed to @elliottkember’s page about a challenge he calls “The Kember Identity” – basically a search for a 32-character string which, when passed through the MD5 function, returns a 128 bit value – which when converted to its hexadecimal string representation, is identical to the original string.
I’ve been trying to wrap my head around exactly WHY Elliott Kember is trying to find such a value, except perhaps for the lucrative naming rights to such a weird trivia bit.
The funny thing, is that the 32 character input string, as input to the MD5 function, is a 256 bit input. The output, before its encoded as a hexadecimal string, is 128 bits. So while the effort being throw by various people at this challenge is admirable, its not really a search for a true MD5 identity value.
Additionally, if I remember my Applied Cryptography correctly (and if I don’t and by some chance Bruce Schneier happens upon this blog post, I am sure I’ll be turning red even if I never find out about it)… the MD5 function processes its input in 512 bit chunks. So any input that’s less than 512 bits, essentially gets padded to 512 bits to make all the gears spin. If I think about it this way, then there’s really no such thing as a possible MD5 function “identity value” given that in a strict interpretation, the domain and the range can’t overlap.
Elliott states that the exercise is a “proof of concept” on the front page of his site. I suppose its an interesting exercise – perhaps in seeing how quickly a problem can be implemented in as many languages as possible with the help of twitter, the web, etc, etc. I applaud Elliott for thinking of it. I just hope it doesn’t land him an entry in Urban Dictionary that defines a Kember Identity as a case of mistaken identity. Oh, and let me know if any geniuses out there introduce similar challenges for SHA, RIPE-MD, etc, etc. Also I haven’t considered the possibility that this might all be British humor of some weird variety. Clue me in if it is.