[cryptography] New result on MD5 collisions
fgrieu at gmail.com
Thu Dec 30 04:12:49 EST 2010
There is a new result on MD5 collisions: it is feasible
for 512 bit messages (instead of 1024 previously [*])
Construct MD5 Collisions Using Just A Single Block Of Message
Tao Xie and Dengguo Feng
The example given is for the two distinct 64-byte messages
which both hash to cee9a457e790cf20d4bdaa6d69f01e41
and differ in 2 bits only.
The method is withheld for untold "security reasons", and a
cash prize of $10000 is announced for another example.
The differential used was previously published in a paper by the
same authors, but exploiting it was then an open problem.
[*] the first collision published was in
Collisions for Hash Functions MD4, MD5, HAVAL-128 and RIPEMD
Xiaoyun Wang and Dengguo Feng and Xuejia Lai and Hongbo Yu
exhibiting the two distinct 128-byte messages
which both hash to a4c0d35c95a63a805915367dcfe6b751
and differ in 6 bits, 3 per 512-bit block, with the same
locations/differential in each block.
More information about the cryptography