Slashdot Mirror


MD5 Collision Source Code Released

SiliconEntity writes "The crypto world was shaken to its roots last year with the announcement of a new algorithm to find collisions in the still widely-used MD5 hash algorithm. Despite considerable work and commentary since then, no source code for finding such collisions has been published. Until today! Patrick Stach has announced the availability of his source code for finding MD5 collisions and MD4 collisions (Coral cache links provided to prevent slashdotting). MD4 collisions can be found in a few seconds (but nobody uses that any more), while MD5 collisions (still being used!) take 45 minutes on a 1.6 GHz P4. At last we will be able to implement various attacks which have been purely hypothetical until now. This more than anything should be the final stake in the heart of MD5, now that anyone can generate collisions whenever they want."

2 of 411 comments

  1. Re:shaken to our what? by Anonymous Coward · Score: 0, Flamebait

    Christ, so now you're implying you're a professional cryptographer, Tom? A bug-ridden open source crapfest is not professional software development.

  2. Re:SHA1 by Anonymous Coward · Score: -1, Flamebait

    WHAT DID I SAY?

    READ MY FUCKING POST. HERE IT IS AGAIN MAYBE YOU'LL READ IT THIS TIME

    When migrating existing hashes to the new hash be careful not to store the old hash anywhere -- that can be the weak link in the chain. For example, generating passwords and having the MD5 around lets attackers generate valid inputs and then try them against the more computationally complex hash. It gives them an approach to attacking your stronger hash.
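
Added example, not part of the thread above: a migrate-on-login routine that deletes the stored MD5 as soon as the stronger hash is written, plus an audit helper that lists accounts still holding an MD5 value. The record layout, the function names, the choice of PBKDF2-HMAC-SHA256 and the iteration count are all assumptions made for this illustration, and the sample accounts are constructed.

```python
import hashlib
import hmac
import os

PBKDF2_ITERS = 200_000  # assumed work factor; tune for your hardware

def strong_hash(password: str, salt: bytes) -> bytes:
    """The replacement hash (PBKDF2-HMAC-SHA256 is this example's choice)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERS)

def login_and_migrate(record: dict, password: str) -> bool:
    """Check a login. A legacy record is upgraded on success and its MD5 deleted."""
    if "md5" in record:
        legacy = hashlib.md5(password.encode()).hexdigest()
        if not hmac.compare_digest(legacy, record["md5"]):
            return False
        salt = os.urandom(16)
        record["salt"] = salt
        record["pbkdf2"] = strong_hash(password, salt)
        del record["md5"]  # keeping it would leave a cheap check beside the slow one
        return True
    expected = record["pbkdf2"]
    return hmac.compare_digest(strong_hash(password, record["salt"]), expected)

def records_with_leftover_md5(users: dict) -> list:
    """Audit helper: accounts that still carry an MD5 value in any form."""
    return sorted(name for name, rec in users.items() if "md5" in rec)

def sample_users() -> dict:
    """Constructed sample data: two accounts still on legacy MD5."""
    return {
        "alice": {"md5": hashlib.md5(b"correct horse").hexdigest()},
        "bob": {"md5": hashlib.md5(b"battery staple").hexdigest()},
    }

if __name__ == "__main__":
    users = sample_users()
    print(login_and_migrate(users["alice"], "correct horse"))
    print(records_with_leftover_md5(users))
```

The audit only covers the live records passed to it; backups, logs and replicas that still contain the old column need the same check.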