Leveraging synergy in this championship year
Michael Davies' Blog

Michael Davies
michael [at] the-davies.net
GPG Id: 0x0AA9D6FC
Copyright © 2003, 2004, 2005, 2006, 2007, 2008 Michael Davies,
All Rights Reserved.
All opinions are mine only.

MD5 Collision Found

A report of an MD5 Collision on Aug 17, 2004:

      Consider these 128-byte files, which only differ in six bytes (in fact
      their Hamming distance is only six bits, too):

      file1.dat:

        00000000  d1 31 dd 02 c5 e6 ee c4  69 3d 9a 06 98 af f9 5c
        00000010  2f ca b5 87 12 46 7e ab  40 04 58 3e b8 fb 7f 89
        00000020  55 ad 34 06 09 f4 b3 02  83 e4 88 83 25 71 41 5a
        00000030  08 51 25 e8 f7 cd c9 9f  d9 1d bd f2 80 37 3c 5b
        00000040  96 0b 1d d1 dc 41 7b 9c  e4 d8 97 f4 5a 65 55 d5
        00000050  35 73 9a c7 f0 eb fd 0c  30 29 f1 66 d1 09 b1 8f
        00000060  75 27 7f 79 30 d5 5c eb  22 e8 ad ba 79 cc 15 5c
        00000070  ed 74 cb dd 5f c5 d3 6d  b1 9b 0a d8 35 cc a7 e3

        MD5(file1.dat) = a4c0d35c95a63a805915367dcfe6b751

      file2.dat:

        00000000  d1 31 dd 02 c5 e6 ee c4  69 3d 9a 06 98 af f9 5c
        00000010  2f ca b5 07 12 46 7e ab  40 04 58 3e b8 fb 7f 89
        00000020  55 ad 34 06 09 f4 b3 02  83 e4 88 83 25 f1 41 5a
        00000030  08 51 25 e8 f7 cd c9 9f  d9 1d bd 72 80 37 3c 5b
        00000040  96 0b 1d d1 dc 41 7b 9c  e4 d8 97 f4 5a 65 55 d5
        00000050  35 73 9a 47 f0 eb fd 0c  30 29 f1 66 d1 09 b1 8f
        00000060  75 27 7f 79 30 d5 5c eb  22 e8 ad ba 79 4c 15 5c
        00000070  ed 74 cb dd 5f c5 d3 6d  b1 9b 0a 58 35 cc a7 e3

        MD5(file2.dat) = a4c0d35c95a63a805915367dcfe6b751

      This clearly shows that the resistance of MD5 against collision attacks
      is significantly lower than 2^64 indicated by its 128-bit digest. Since
      the attack allows free selection of IV, these attacks mean that MD5
      should not be used for any serious cryptographic purpose.

      Note that because MD5 is a chained hash function, you can generate an
      infinity of new collisions from these by a simple process of concatenation:

          $ echo 'Hello, World!' > hello.txt
          $ cat file1.dat hello.txt | md5sum
          158701224aef36986648d9f0dfb0ca3c  -
          $ cat file2.dat hello.txt | md5sum
          158701224aef36986648d9f0dfb0ca3c  -

Time to patch passwd(1)? :-)

tech/code | 20 Sep 2004 | #

Envy

Got around to installing Ubuntu on shadowfax alongside Fedora Core 2. Very nice...

P.S. I want this.

tech/misc | 20 Sep 2004 | #