The MD5 algorithm returns a fixed-length 128-bit hash, so there are 2128 possible values. The hash is typically expressed as a series of 32 hexadecimal values. Since the input string and its hash must be the same to reflect the Kember Identity, you wouldn't need to test random strings like "ruby on rails rots your brain"; you only need to test strings that are 32-characters long and contain the numbers 0 though 9 and letters a through f like
Kember suggests testing values at random because the range of candidates is so large (2128 is
- Deterministic machines cannot generate truly random numbers
- Reoccurring values in the sequence will cause an invalid hash to be rested
- There are some values that may never be tested
Additionally, one has to consider the possibility that such a value doesn't exist. The odds of finding the Kember Identity are actually quite small:
The only reliable way to programmatically identify whether the Kember Identity exists and what hashes exhibit it is to test each hashes sequentially and record the results.
The whole thing might not bother me if money wasn't involved. Just send Mr. Kember your $5 entry fee and you're eligible to win the prize pot if your script is first to find the magical hash! But I have a few questions:
- How do I contact Mr. Kember to receive my prize when I find a hash that exhibits the Kember Identity?
- What happens to my $5 and the rest of the prize money if it is proven the Identity doesn't exist?
- At 60-million hashes an hour, it would take over
646,987,670,262,051,588,140,743millennia to verify them all. How long does Mr. Kember plan on holding on to the prize money?