[erlang-questions] wow: MD5 broken

Joe Armstrong <>
Sat Dec 1 12:42:44 CET 2007


MD5 is really broken - gulp see

http://www.win.tue.nl/hashclash/SoftIntCodeSign/

You can download two files from this page -- here's the proof

# there are not zero bytes

$ wc HelloWorld-colliding.exe GoodbyeWorld-colliding.exe
      82     711   41792 HelloWorld-colliding.exe
      82     709   41792 GoodbyeWorld-colliding.exe
     164    1420   83584 total
 # the crc32 checksums are different

$ crc32 HelloWorld-colliding.exe GoodbyeWorld-colliding.exe
8beb795c        HelloWorld-colliding.exe
9ede53db        GoodbyeWorld-colliding.exe

$ # the mnd5sums are the same
$ md5sum HelloWorld-colliding.exe GoodbyeWorld-colliding.exe
18fcc4334f44fed60718e7dacd82dddf  HelloWorld-colliding.exe
18fcc4334f44fed60718e7dacd82dddf  GoodbyeWorld-colliding.exe

I wonder how many millions of programs have now become insecure?

/Joe Armstrong



More information about the erlang-questions mailing list