Practical Exploits of Broken MD5 Algorithm

jose parinas writes "A practical sample of an MD5 exploit can be found, with source code included,in codeproject, a site for .Net programmers. The intent of the demos is to demonstrate a very specific type of attack that exploits the inherent trust of an MD5 hash. It's sort of a semi-social engineering attack. At Microsoft, the MD5 hash functions are banned. The main problem is that the attack is directed to the distribution of software process, as you can understand reading the paper, Considered Harmful Someday. Some open source programs, like RPM, use MD5, and in many open source distributions MD5 is used as check sum."

M$ Antihash

[CDMA_Demo]

At Microsoft, the MD5 hash functions are banned.

they use crc instead!

Re:M$ Antihash

[DrSkwid]

and your point is ?

you'll be telling me Huffman encoding is dangerous next !

There's a simple solution

MD5 --> MD6

Re:from the tin-foil-hat-dept

By the way:

1) I am risking my life right now for writting this and I must leave the internet cafe in 4 minutes.

2) See who claims that MD5 is insecure, follow the links and understand who knows the backdoor to the "alternative, more secure" hashing algorithm.

GTG

Re:So if you need a freely available hash algorith

[commodoresloat]

...better use Tiger

Once again, OSX proves to be more secure!

*ducks*

On Slashdot..

surprisingly many stories hashes to the same value..

Re:A quick note

[commodoresloat]

you can't actually take a random RPM and turn it into an evil RPM

Sure you can; all you need to do is set the evil bit.

Re:from the tin-foil-hat-dept

[grimJester]

Hey, wait up, you forgot your wallet, mr... Anderson?