Gervase Markham wrote:
> Nils Maier wrote:
> [...]
>> PS: the Link-Fingerprints "standard" says:
>>> Clients are encouraged not to implement any hash algorithms other
>>> than MD5 and SHA-256, until and unless SHA-256 is found to have flaws.
>> MD5 is broken, you can find collisions in just hours.
>
> OK, then. I have a file with the following MD5:
> 6dfabd7a681569ac0b9d6b010bec88d6 /home/gerv/docs/hacking/doorbell.png
> Please find any other file (I'll make it easy, and won't require it to
> be a valid XPI with a trojan payload) with the same MD5 in "just hours",
> and send me a copy as an attachment.
>
> Gerv

Good overview incl. some conclusions by the author:
http://cryptography.hyperlink.cz/md5/MD5_collisions.pdf

Certificates:
http://www.win.tue.nl/~bdeweger/CollidingCertificates/
http://www.win.tue.nl/hashclash/TargetCollidingCertificates/

Chosen Prefix (impractical ATM):
http://www.win.tue.nl/hashclash/ChosenPrefixCollisions/

Nice Demo (different executables, chosen suffixes):
http://www.mscs.dal.ca/~selinger/md5collision/

ISO format remarks (see Updates):
http://cryptography.hyperlink.cz/2004/collisions.htm

And just to give you that warm fuzzy feeling you hoped for when you
created your "challenge":
No, it isn't that easily possible to create files for a given hash
(while they found better ways than brute-force already; see rainbow tables).
But that was never my point anyway (I talked about collisions)...
And does not make md5 less broken than I claimed and researchers found
it was.

Nils
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
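
Added example (not part of the original message or thread): the difference discussed above between finding any collision and matching one given hash, shown on MD5 truncated to 20 bits so both searches finish in seconds. The truncation width, message prefixes and function names are assumptions of this sketch, and it uses plain brute force, not the differential techniques from the linked papers.

```python
import hashlib
from itertools import count

BITS = 20  # assumed demo width; full MD5 is 128 bits

def h(data: bytes) -> int:
    """Top BITS bits of MD5(data), as an integer."""
    digest = hashlib.md5(data).digest()
    return int.from_bytes(digest, "big") >> (128 - BITS)

def find_collision(prefix: bytes = b"free-"):
    """Collision: the searcher picks BOTH inputs (birthday search)."""
    seen = {}  # truncated hash -> first message that produced it
    for i in count():
        msg = prefix + str(i).encode()
        tag = h(msg)
        if tag in seen:
            return seen[tag], msg, i + 1
        seen[tag] = msg

def find_second_preimage(target: bytes, prefix: bytes = b"fixed-"):
    """Second preimage: one input is fixed in advance by someone else."""
    want = h(target)
    for i in count():
        msg = prefix + str(i).encode()
        if msg != target and h(msg) == want:
            return msg, i + 1

if __name__ == "__main__":
    a, b, n_coll = find_collision()
    print(f"collision after {n_coll} hashes: {a!r} / {b!r}")
    # Constructed stand-in for a file whose hash was published by someone else.
    target = b"doorbell.png contents (constructed sample)"
    m, n_pre = find_second_preimage(target)
    print(f"second preimage after {n_pre} hashes: {m!r}")
    print(f"expected generic work: ~2^{BITS // 2} vs ~2^{BITS} hashes")
```

At the full 128 bits the same generic searches cost about 2^64 and 2^128 hashes respectively.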