Practical Exploits of Broken MD5 Algorithm
jose parinas writes "A practical sample of an MD5 exploit can be found, with source code included,in codeproject, a site for .Net programmers.
The intent of the demos is to demonstrate a very specific type of attack that exploits the inherent trust of an MD5 hash. It's sort of a semi-social engineering attack.
At Microsoft, the MD5 hash functions are banned.
The main problem is that the attack is directed to the distribution of software process, as you can understand reading the paper, Considered Harmful Someday. Some open source programs, like RPM, use MD5, and in many open source distributions MD5 is used as check sum."
a new age
Well, if you download illegal ISOs from the net and get a virus from it: SUITS YOU, SIR!!!
The problem with this "exploit" is that the exploit writer controls all sides of the equation. When you can abitrarily develop extra weak protection mechanisms, it's easy to exploit said mechanism.
If this chowderhead loser wants to impress somebody he should go out and grab a copy of the latest bzip2-ed linux kernel and checksum from kernel.org and release a trojaned version that has the same compressed size and the same md5 hash as published by kernel.org.
Idiots. I should write a letter to the guy's boss so he can see what kind of dumbshittedness goes on inside his employees brain.