Slashdot Mirror

← Back to Stories (view on slashdot.org)

Finding MD5 Collisions With Chinese Lottery

Posted by simoniker on from the soon-to-be-distributed-slashdotting dept.

Stanislav Shalunov writes "Jean-Luc Cooke posted a Usenet article describing a distributed webpage-based effort (Chinese Lottery) to find a collision in the MD5 function. All you need to do to participate in the effort is visit the URL that loads the code. The author comments: 'What is interesting about this approach - when we reach final release stage - is that any website that adds this small snippet of code to their pages will have their visitors working on the problem for the duration of their visit to the site'."

5 of 303 comments (clear)

  1. Uhh.. by TCM · · Score: 5, Insightful

    From the link:

    You run an Applet, it reports to us the search results. Distributed computing without installing anything...and without people knowing you're stealing their idle CPU time. ;)

    I don't know about you but I wouldn't lean out the window with the fact that I'm stealing from others.

    Idle CPU time might be unused but I still want to know what my box is doing and why.

    --
    Of course it runs NetBSD. BTC: 1NT7QvbetmANwaMzhpVL6
    1. Re:Uhh.. by Phillup · · Score: 4, Insightful

      I personally wouldn't call it "stealing". You pretty much agreed to run Java. Yes, you could be a clueless noob and knot *know* that your browser has it enabled... but, nobody is *making* you run java applets.

      I don't shove it down your pipe... you ask for it.

      Of course this line of reasoning could be extended too far... like the case of all the porn pop-ups... but, even there... I tend to feel that the user is ultimately in control (or should be!) of their own computer. Install Mozilla and don't suffer the pop-ups.

      Better yet... and this is the approach I myself practice... go away. Any time I find a site that ticks me off (bad Java/JavaScript that causes browser naughtiness), I add them to my banned list on my proxy... and never have to suffer the site again.

      Not even unintentionally.

      ---

      Not only that... but my CPU monitor went to a hundred percent.

      Yeah, it is a low priority thread... but... I did notice.

      P.S. "you" does not mean you personally...

      --

      --Phillip

      Can you say BIRTH TAX
  2. Re:Hmmm. by __aaitqo8496 · · Score: 5, Insightful

    I wonder if the good slashdot people would be willing to make this into a slashbox ?

  3. Re:RFI: "collision" means? by WTFmonkey · · Score: 4, Insightful
    The whoop is that MD5 is often used for "fingerprinting" or other unique identification on the internet (et al). Since we all know that what can go wrong will, the question is the definition and accuracy of the infamous phrase "computationally infeasible."

    Basically, in a world where everything was based on a thumbprint, would you want even the smallest chance, no matter how statistically unlikely, that someone else had the same thumbprint as you?

  4. Re:Not ethical by Phillup · · Score: 5, Insightful

    While I completely agree with your sentiment about being upfront... I don't agree with calling it "stealing".

    Who clicked on the link?

    Who has Java enabled on their browser?

    Who has cookies enabled on their browser?

    It isn't like he is doing anything "tricky" or using some "bug" to pull this off. The page doesn't "trap" you. It doesn't eat your CPU and make it impossible to quit the app or go to another page. And, for me, it didn't crash anything.

    I *really* don't understand how this can even remotely be considered stealing. Every single item is being used *as*designed* both by the web author and you.

    The way I see it... someone jumped in a pool... and now they are bitching about your clothes being wet?

    --

    --Phillip

    Can you say BIRTH TAX