MD5 Collision Source Code Released
SiliconEntity writes "The crypto world was shaken to its roots last year with the announcement of a new algorithm to find collisions in the still widely-used MD5 hash algorithm. Despite considerable work and commentary since then, no source code for finding such collisions has been published. Until today! Patrick Stach has announced the availability of his source code for finding MD5 collisions and MD4 collisions (Coral cache links provided to prevent slashdotting). MD4 collisions can be found in a few seconds (but nobody uses that any more), while MD5 collisions (still being used!) take 45 minutes on a 1.6 GHz P4. At last we will be able to implement various attacks which have been purely hypothetical until now. This more than anything should be the final stake in the heart of MD5, now that anyone can generate collisions whenever they want."
So is SHA1 the recommended alternative?
Bradley Holt
(With sincere apologies to Bryce Jasmer.)
Carousel is a lie!
Great. Now that MD5 is dead, the slow/theoretical attacks on SHA1 can be the focus of collision research. I look forward to changing hash algorithms again from SHA1 in a year. :-/
"Fight for lost causes. You may discover they weren't."
This is all really interesting theoretically, but who has the money to run a 1.6 GHz P4?
(Coral cache links provided to prevent slashdotting)
I'm sorry, you must be new here.
"In the game of life, someone always has to lose. To me, if life were fair, that someone would always be Oklahoma." -DKR
This code is weak. I fired it up like 20 minutes ago and still haven't r00ted my box.