Slashdot Mirror


Practical Exploits of Broken MD5 Algorithm

jose parinas writes "A practical sample of an MD5 exploit can be found, with source code included, on CodeProject, a site for .NET programmers. The intent of the demos is to demonstrate a very specific type of attack that exploits the inherent trust of an MD5 hash. It's sort of a semi-social engineering attack. At Microsoft, the MD5 hash functions are banned. The main problem is that the attack is directed at the software distribution process, as you can understand by reading the paper, Considered Harmful Someday. Some open source programs, like RPM, use MD5, and in many open source distributions MD5 is used as a checksum."

2 of 253 comments

  1. Re:Checksums are always going to be vulnerable by MaGogue · Score: 0, Troll

    Of course, but the trick is to find algorithms that are hard to reverse, that is to find a plaintext for any given checksum.

  2. from the tin-foil-hat-dept by Anonymous Coward · Score: -1, Troll

    Actually this all tells me that MD5 is very secure.

    Why?
    It was designed before the NSA had a chance to muddle with the crypto-science.

    Now they want to *BAN* it in favor of some other hash algorithm which was designed with the aid of NSA and is supposedly more secure but has a secret backdoor. MD5 doesn't have a backdoor. That's why *THEY* want to kill it ASAP.