[erlang-questions] wow: MD5 broken

David Holz david_holz@REDACTED
Sat Dec 1 14:46:39 CET 2007

From: per@REDACTED
> The practical/security question though, is "given an input and a
> resulting hash value, how hard is it to find a different input that
> gives the same hash value?" - and the answer remains, as they point out,
> "impossible".

Exactly.  For those who haven't read the entire article:

The vulnerability is only when doing MD5 checks between two files as a means for equality comparison, *without caring what the MD5 value actually is*, ie not using a "target" MD5 value like handshakes and such do.  What it does is *change BOTH files* to make them have the same arbitrary MD5, which is necessarily different from the original MD5 of the source file.  If you calculate a MD5 hash for a given byte array, it still CANNOT be practically spoofed, and this scheme only works if you can innocuously append arbitrary bytes to the end of the source data without affecting its semantics which is in many cases impossible, especially in streaming data.  Oh, and you'd have to spend about 2 days of number crunching to calculate the appended bytes.

But I agree, small cracks have been appearing in MD5 and migration to something else should be effected before some clever device is implemented to fully break it.  However, the sky is definitely NOT falling on MD5 because of this discovery.
Connect and share in new ways with Windows Live.

More information about the erlang-questions mailing list