Given that the original file is larger than the hash function's block size (128 bits for MD5; 160 bits for SHA-1), it is certainly possible to create a MD5 or a SHA1 collision with a file of the same size. The file size requirement introduces absolutely no additional difficulty. Start with a file of the same size, filled with any data you want (random bits are fine). Then adjust the last block of data to get the hash value you are seeking.
This is probably feasible today with MD5 given a motivated and well funded agency. Given the size and motivation of the movie industry, it may even be feasible for them to find a collision under SHA1 for their latest blockbuster movies. Undoubtedly the attacks on SHA1 will become more efficient over time, especially given that Moore's law has not finished its work yet.
A new hash standard is needed. SHA256 might be good enough. Or we might need a completely new approach. Meanwhile, delivering two separate and independent hash values (SHA1 and MD5) might be sufficient.
Slashdot Mirror
Given that the original file is larger than the hash function's block size (128 bits for MD5; 160 bits for SHA-1), it is certainly possible to create a MD5 or a SHA1 collision with a file of the same size. The file size requirement introduces absolutely no additional difficulty. Start with a file of the same size, filled with any data you want (random bits are fine). Then adjust the last block of data to get the hash value you are seeking.
This is probably feasible today with MD5 given a motivated and well funded agency. Given the size and motivation of the movie industry, it may even be feasible for them to find a collision under SHA1 for their latest blockbuster movies. Undoubtedly the attacks on SHA1 will become more efficient over time, especially given that Moore's law has not finished its work yet.
A new hash standard is needed. SHA256 might be good enough. Or we might need a completely new approach. Meanwhile, delivering two separate and independent hash values (SHA1 and MD5) might be sufficient.