The cache is NOT at the listed coordinates but only a short walk away. To get the final coordinates you must solve the puzzle first.
A hashing function is a function that takes an input of data and generates a fixed-length set of characters, called a hash, which is unique to the data you provided. Hashes are designed to be irreversible, so you cannot determine the original data from the hash alone. They are used for storing passwords on web servers and verifying the integrity of digital files to ensure they haven't been tampered with during transmission.
When two different inputs generate the same hash, this is known as a collision. A once-popular hashing function known as MD5 was found to produce collisions, along with other vulnerabilities. As a result, MD5 is now considered a "broken" hashing function and is not recommended for use anymore. This cache demonstrates the broken nature of MD5 by using two strings of text that produce a collision.
The Puzzle
Take the following strings of text:
TEXTCOLLBYfGiJUETHQ4hAcKSMd5zYpgqf1YRDhkmxHkhPWptrkoyz28wnI9V0aHeAuaKnak
TEXTCOLLBYfGiJUETHQ4hEcKSMd5zYpgqf1YRDhkmxHkhPWptrkoyz28wnI9V0aHeAuaKnak
If you stare at them long enough, you will notice they differ by one character.
Now, create an MD5 hash from each of these strings and observe how both hashes are identical. Simply googling "MD5 hash" generator will bring up many online tools that can do this for you.
After that, you can submit your hash into the folllowing certitude checker to get the final coordinates.
You can validate your puzzle solution with
certitude.
Further Notes
In cryptography, when we store data in its original form, it is referred to as "plaintext." When you log into geocaching.com or any other website that identifies you through a username and password, it has to verify your credentials to make sure you really are who you claim to be.
To do this securely, websites can't simply store your passwords in plaintext. Instead, they put your password through a special algorithm known as "hashing." A hashing algorithm takes a plaintext input and transforms it into a fixed-length string of seemingly random characters, which is unique to the data you input. When you log into a website with your username and password, the website takes your password, passes it through a hashing algorithm, and compares it to the hash already stored on the server. This hash was created when you first signed up for your account. If the hashes match, the website knows you entered the correct password, and you can log in.
This method ensures that, if a hacker gains access to the website's server, they will only have access to the hashes of passwords, not the passwords themselves. If passwords were stored in plaintext, the results would be disastrous, as anyone with server access could view and misuse passwords. Since many people also reuse passwords across multiple websites (looking at you, reader - I know you’re reusing passwords! Change them now!), a breach could extend far beyond the original website.
The important thing to remember is that hashing is a one-way process. You can input data and get a hash out of it, but not the other way around. It helps to think of a hashing algorithm as a juicer: you put fruit (the plaintext data) into the juicer (the hashing algorithm) and out comes the juice (the hash), which is a unique blend of the fruit you put in. You cannot reassemble the juice back into its original fruits. The process is irreversible... or is it?
Hashing relies on the statistical improbability of two different inputs producing the same output, known as a collision. A good hashing algorithm ensures that the chance of a collision is so astronomically low, it's almost impossible to exploit. For example, the very popular SHA-256 hash produces a 256-bit hash, meaning there are \(2^{256}\) possible hash values. That's a very big number! Because of this huge improbability, even if you were able to compute trillions of hashes per second, you would theoretically still be waiting billions of years before finding a collision.
Unfortunately, MD5, a once-popular hashing algorithm, fell victim to the fact that these statistical improbabilities weren't so improbable for it after all. MD5 only produces a 128-bit hash, so there are \(2^{128}\) possible hash values. But that's not the main problem. In 2004, cryptographers found a way to create two different inputs that produced the same hash. This meant MD5 had been giving us a false sense of integrity while being widely used across computer systems around the world. Later, more serious flaws were found in MD5, and in 2008, the CMU Software Engineering Institute deemed MD5 "cryptographically broken and unsuitable for further use."
Despite MD5 being considered "broken," it continued to be used across computer systems and is still used on several older websites to this day. This is mostly due to software maintainers and system administrators either being too reluctant to switch to a different hash or fearing that updating a mission-critical system may break other parts. Organisations may also fall into the mentality of "if it ain't broke, don't fix it!" - which opens a whole new can of worms about the security risks that come with that mindset. Even the International Criminal Court still hashes its electronic evidence with MD5!
Many argue that the use of MD5 is still justified if it is used for data integrity purposes, like creating a hash of a file to ensure it hasn't been tampered with. This argument holds some truth, but it's a slippery slope.
Sources:
Wikipedia - MD5
Wikipedia - Hashing function
Ketelyn Sills - The Curious case of MD5
Christian Espinosa - Explanation of Cybersecurity Hashing and MD5 Collisions