[erlang-questions] wow: MD5 broken
Joe Armstrong
erlang@REDACTED
Sat Dec 1 12:42:44 CET 2007
MD5 is really broken - gulp see
http://www.win.tue.nl/hashclash/SoftIntCodeSign/
You can download two files from this page -- here's the proof
# there are not zero bytes
$ wc HelloWorld-colliding.exe GoodbyeWorld-colliding.exe
82 711 41792 HelloWorld-colliding.exe
82 709 41792 GoodbyeWorld-colliding.exe
164 1420 83584 total
# the crc32 checksums are different
$ crc32 HelloWorld-colliding.exe GoodbyeWorld-colliding.exe
8beb795c HelloWorld-colliding.exe
9ede53db GoodbyeWorld-colliding.exe
$ # the mnd5sums are the same
$ md5sum HelloWorld-colliding.exe GoodbyeWorld-colliding.exe
18fcc4334f44fed60718e7dacd82dddf HelloWorld-colliding.exe
18fcc4334f44fed60718e7dacd82dddf GoodbyeWorld-colliding.exe
I wonder how many millions of programs have now become insecure?
/Joe Armstrong
More information about the erlang-questions
mailing list