Crack the Code In US Cyber Command's Logo

Dan writes "According to Wired: 'The US military's new Cyber Command is headquartered at Ft. Meade, Maryland, one of the military's most secretive and secure facilities. Its mission is largely opaque, even inside the armed forces. But the there's another mystery surrounding the emerging unit. It's embedded in the Cyber Command logo. On the logo's inner gold ring is a code: 9ec4c12949a4f31474f299058ce2b22a.'"

md5?

[betterunixthanunix]

Looks like it is the same length as an MD5 sum...

Already Solved

[Anonymous Coward]

The first reply in the Reddit thread already has the answer: http://www.reddit.com/r/programming/comments/cmxm0/proggit_if_you_decode_this_i_will_love_you/

And...

[stressclq]

It was quite swiftly found out to be the MD5 hash of (remove quotes): "USCYBERCOM plans, coordinates, integrates, synchronizes and conducts activities to: direct the operations and defense of specified Department of Defense information networks and; prepare to, and when directed, conduct full spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries."

News at 11..

Re:md5?

[Anonymous Coward]

It is a dumb md5 hash and nothing more.

"USCYBERCOM plans, coordinates, integrates, synchronizes and conducts activities to: direct the operations and defense of specified Department of Defense information networks and; prepare to, and when directed, conduct full spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries."

Re:And...

[tuffy]

There's no newline at the end of the text. Try using "echo -n" over it.

Re:md5?

[jimmyswimmy]

$ echo -n "USCYBERCOM plans, coordinates, integrates, synchronizes and conducts activities to: direct the operations and defense of specified Department of Defense information networks and; prepare to, and when directed, conduct full spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries." | md5sum
9ec4c12949a4f31474f299058ce2b22a  -

Re:md5?

[simcop2387]

whoever you are, you deserve a cookie.

echo -n "USCYBERCOM plans, coordinates, integrates, synchronizes and conducts activities to: direct the operations and defense of specified Department of Defense information networks and; prepare to, and when directed, conduct full spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries." | md5sum
9ec4c12949a4f31474f299058ce2b22a -

Re:md5?

[Doomstalk]

That's because it is an MD5 sum [theregister.co.uk]

Re:md5?

[societyofrobots]

Its just a hash of their mission statement:
http://en.wikipedia.org/wiki/United_States_Cyber_Command [wikipedia.org]

"The text '9ec4c12949a4f31474f299058ce2b22a', which is located in the command's emblem, is the MD5 hash of their mission statement."

Re:md5?

[ailnlv]

its just a hash; in theory you shouldn't be able to recover the original message from an md5sum, since several messages can have the same sum. There is no maximum length to what you can hash using md5.

Re:md5?

[Aphoxema]

MD5s don't hold information, they're a trap-door. It's perfectly possible that another combination of characters would lead to the same MD5, but it's incredibly unlikely that those characters would be lingually meaningful.

Passwords are often "stored" server-side as a hash. Why I quote "stored" is because the password isn't stored at all! The server doesn't know the actual password, you would have to digest every possible combination of characters to find a hash that exactly matches the one stored on the server, but by knowing a string that already does (your password) you're already there.

MD5 alone is a poor choice for trapping important strings because it is possible to "plan" a collision... for example, if a web-site offered you a file and an MD5 hash to test the source of that file, with enough cleverness and computing power another party could give you a different file with the same MD5 hash.

Re:Silly government!

[debrain]

Don't they know MD5 is deprecated. They should be using SHA-1. Off to a disappointing start already...

SHA-1 is deprecated, too. They should be using SHA-2 [wikipedia.org], or if they really want to show off SHA-3 [nist.gov].

Re:md5?

[baryluk]

rfc1321
"The algorithm takes as input a message of arbitrary length and produces as output a 128-bit "fingerprint" or "message digest" of the input."

So it basically means that there is no limit.

(newer hashes, for safety or becuase they use ctr-like modes, define maximal lengths, for example SHA-1 and SHA-256 have limit of 2^64-1 bits. SHA-384 and SHA-512 have limit of 2^128-1. Still 2^64-1 bits is bilions of gigabytes.)

Re:md5?

[LoSt180]

It wasn't on the wiki yesterday when Wired posted the story. If you view the Revision history on the article, you will see the Mission portion has been heavily edited late last night and this morning.

I find today's assumption that a Wiki is a static and never changing reference material pretty appalling..

Re:md5?

[idontgno]

Sheesh.

Either you're trolling or you don't comprehend the difference between hashing, encryption, and compression.

You display a practical understanding of compression: output size is proportionate to input size. But again, since compression algorithms work in blocks or streams of data, there's no theoretical limit to input size. Things like filesystem file size limits may apply, but again, if it's a stream compression with a stream input (e.g., network socket) and a stream output (ditto), there's no limit (other than externals like the finite lifespan of the Universe).

Encryption's affect on size is different than compression. Without padding, encryption output size should be the same as input size. Many algorithms do pad short inputs, so there may be a small increase in output size. Again, since ciphers can operate in stream modes, there are no inherent limits (other than, for instance, available one-time-pad data for OTP ciphers.)

Hashing, on the other hand, is in essence an extremely fancy checksum, specifically designed to use cryptographic functions in order to radically increase the likelihood that the hash value derived from any particular input is relatively unique (i.e., the hash of a particular input is radically different from the hash of another particular input which is almost identical to the first--small differences in input yield obvious differences in output.)

Checksums are, by practical definition, fixed-size, and that size is much smaller than the majority of the potential inputs. The classic checksum is a single check digit: (running total of input) mod 10. Cryptographic hashes (such as MD5--which stands for Message Digest Algorithm 5, btw) are defined to be 128 bits. No matter how long the input is, the MD5 algorithm always produces a 128-bit output, because it iteratively processes bytes of the input 128 bits at a time.

C'mon. You mean to tell me I can take the collected works of Harry Potter and boil them down to a 128 bit MD5 number? Wow that's some amazing test compression. Even ZIP isn't that good!

It's not compression. Compression requires reversibility. Hashes are, by definition, not reversible: a "trap door function". The idea is that you can take an input and digest it into a 128-bit number which relatively uniquely represents it, but you can't reverse the 128-bit number and recover the original input. That would be foolish: "I'll reverse the hash, edit the text, re-hash it, and send it on its way; no one will be the wiser."

MD5 - supposed to be pretty basic

[Firethorn]

I almost replied before I saw the GP's post explaining it, but was hesitant because I was wondering if you were trolling.

'googling it', in this instance, or looking it up on wiki is fairly logical because it will give you a well written description without us going through the effort of writing it ourselves.

I didn't realize it was essentially a random, unrecoverable number.

It's deliberate that you're not able to recover the original message from the MD5 sum, but 'random' is very much NOT true. It's used as data verification - a small change, even just a bit, in the message stream will result in a vastly different number. But feed it the same data, and you'll get the same number back, every time.

This allows you to verify things like messages and binaries haven't been altered from their original verified state.

Re:md5?

[meustrus]

As stated above, the md5 doesn't actually hold the information. It's a "one-way" encryption. There's no way to "decrypt" the hash into the information that created it, because the information is lost. The only way to find what generated the hash is to guess and generate. In this case, the earlier AC just guessed it was the mission statement (based on the clue in TFA) and simcop tried it out.

Because it is "one-way" and an arbitrary amount of information can be lost, there is no limit to the size of the hash. It is very possible to take anything from a two-char string, to the entire Harry Potter series, to the entirety of all data produced by mankind, and produce a 128-bit MD5 sum.

Another way of thinking about it is this: Say that 2+2=4. Now, we know the answer is 4. That doesn't tell us that the equation is 2+2. It could have been 3+1, 4*1, sqrt(16), or anything, really. Similarly, just because we know the answer is 42, doesn't mean we know the equation. 42 is the MD5 sum of life, the universe, and everything, and just because it's meaningless now doesn't mean it was meaningless before it was hashed.

Re:md5?

[ryanleary]

whoooooosh.