[erlang-questions] wow: MD5 broken

Toby Thain
Sat Dec 1 13:12:47 CET 2007


On 1-Dec-07, at 9:42 AM, Joe Armstrong wrote:

> MD5 is really broken - gulp see
>
> http://www.win.tue.nl/hashclash/SoftIntCodeSign/
>
> You can download two files from this page -- here's the proof
>
> # there are not zero bytes
>
> $ wc HelloWorld-colliding.exe GoodbyeWorld-colliding.exe
>       82     711   41792 HelloWorld-colliding.exe
>       82     709   41792 GoodbyeWorld-colliding.exe
>      164    1420   83584 total
>  # the crc32 checksums are different
>
> $ crc32 HelloWorld-colliding.exe GoodbyeWorld-colliding.exe
> 8beb795c        HelloWorld-colliding.exe
> 9ede53db        GoodbyeWorld-colliding.exe
>
> $ # the md5sums are the same
> $ md5sum HelloWorld-colliding.exe GoodbyeWorld-colliding.exe
> 18fcc4334f44fed60718e7dacd82dddf  HelloWorld-colliding.exe
> 18fcc4334f44fed60718e7dacd82dddf  GoodbyeWorld-colliding.exe
>
> I wonder how many millions of programs have now become insecure?

The paper concludes,
"MD5 should no longer be used as a hash function for software  
integrity or code signing purposes."
...but isn't a good workaround just to use more than one hash, e.g.  
MD5+SHA1?

--Toby


>
> /Joe Armstrong
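
Added example, not part of either message: the comparison Joe ran by hand with wc, crc32 and md5sum, written as a Python function that flags files sharing one digest while differing in content. `Sum8`, `fingerprint` and `find_collisions` are names made up for this example; `Sum8` is a constructed toy digest that collides trivially, so the demo runs without the two colliding files.

```python
import hashlib
import sys
import zlib
from itertools import combinations


class Sum8:
    """Constructed toy digest (byte sum mod 256); stands in for a broken hash."""

    def __init__(self, data=b""):
        self._value = sum(data) % 256

    def hexdigest(self):
        return format(self._value, "02x")


def fingerprint(data, weak=hashlib.md5):
    """Size, CRC32, suspect digest and SHA-256 of one blob, as hex strings."""
    return {
        "size": len(data),
        "crc32": format(zlib.crc32(data) & 0xFFFFFFFF, "08x"),
        "weak": weak(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def find_collisions(blobs, weak=hashlib.md5):
    """Return (name_a, name_b) pairs whose suspect digests match but whose bytes differ."""
    prints = {name: fingerprint(data, weak) for name, data in blobs.items()}
    hits = []
    for a, b in combinations(sorted(blobs), 2):
        if prints[a]["weak"] == prints[b]["weak"] and blobs[a] != blobs[b]:
            hits.append((a, b))
    return hits


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Real use: pass file paths; MD5 is the digest under suspicion.
        blobs, weak = {}, hashlib.md5
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                blobs[path] = fh.read()
    else:
        # Constructed sample: "ab" and "ba" share a byte sum, "abc" does not.
        blobs, weak = {"one": b"ab", "two": b"ba", "three": b"abc"}, Sum8
    for name in sorted(blobs):
        print(name, fingerprint(blobs[name], weak))
    for a, b in find_collisions(blobs, weak):
        print(f"COLLISION: {a} and {b} share a digest but differ in content")
```

Run with the two downloaded file names as arguments to repeat the comparison with MD5 as the suspect digest.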