Study: Birthday Attack

By Daniel Miessler on September 7th, 2004: Tagged as Technology

The birthday attack is a statistical phonomenon that makes the brute forcing one-way hashes easier.

In order for there to be a 50% chance that someone in the room shares your birthday, there needs to be 253 people in the room. If, however, you are looking for a greater than 50% chance that any two people who have the same birthday, you only need 23 people.

This works because the matches are based on pairs. If chose myself as one side of the pair, then I need 253 people to get to the magic number of 253. In other words, it’s me combined with 253 other people to make up 253 pairs. But if I am only concerned with maches and not necessarily someone matching me, then we only need 23 people in the room. Why? Because 23 people can form 253 pairs when cross-matched with each other.

The number 253 doesn’t change, it’s just that a single person isn’t being compared against in the second case – and hence the number of people required to get to the 50% mark drops significantly.

  • Digg
  • Reddit
  • HackerNews
  • StumbleUpon
  • DZone
  • Google Bookmarks
  • Twitter
  • Facebook
  • del.icio.us
  • FriendFeed
  • Posterous
  • RSS
  • email
  

View Comments

blog comments powered by Disqus

 

twitter_icon

Sample Original Content


Information Security

Tutorials and Primers

Culture & Society

Technology & Science

Politics

Philosophy & Religion

Miscellaneous

Tools & Projects


Blog Archives