Thread: MD5 Pwned

  1. #1
    Master-Jedi-Pimps0r & Moderator thehorse13
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885

    MD5 Pwned

    Chsh and I had quite a few words over this last year. Almost 11 months later, vindication has arrived for me.

    http://it.slashdot.org/article.pl?si...37232&from=rss

    MD5 Collision Source Code Released
    Posted by Zonk on Tuesday November 15, @04:16PM
    from the collisiontacular dept.
    SiliconEntity writes "The crypto world was shaken to its roots last year with the announcement of a new algorithm to find collisions in the still widely-used MD5 hash algorithm. Despite considerable work and commentary since then, no source code for finding such collisions has been published. Until today! Patrick Stach has announced the availability of his source code for finding MD5 collisions and MD4 collisions (Coral cache links provided to prevent slashdotting). MD4 collisions can be found in a few seconds (but nobody uses that any more), while MD5 collisions (still being used!) take 45 minutes on a 1.6 GHz P4. At last we will be able to implement various attacks which have been purely hypothetical until now. This more than anything should be the final stake in the heart of MD5, now that anyone can generate collisions whenever they want."
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  2. #2
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,915

    Re: MD5 Pwned

    Originally posted here by thehorse13
    Chsh and I had quite a few words over this last year. Almost 11 months later, vindication has arrived for me.

    http://it.slashdot.org/article.pl?si...37232&from=rss

    MD5 Collision Source Code Released
    Posted by Zonk on Tuesday November 15, @04:16PM
    from the collisiontacular dept.
    SiliconEntity writes "The crypto world was shaken to its roots last year with the announcement of a new algorithm to find collisions in the still widely-used MD5 hash algorithm. Despite considerable work and commentary since then, no source code for finding such collisions has been published. Until today! Patrick Stach has announced the availability of his source code for finding MD5 collisions and MD4 collisions (Coral cache links provided to prevent slashdotting). MD4 collisions can be found in a few seconds (but nobody uses that any more), while MD5 collisions (still being used!) take 45 minutes on a 1.6 GHz P4. At last we will be able to implement various attacks which have been purely hypothetical until now. This more than anything should be the final stake in the heart of MD5, now that anyone can generate collisions whenever they want."
    I saw this on FD yesterday... my roommate and I were discussing it last night... I'm glad that I skipped MD5 and went with SHA-1 hashing on the last website I wrote..

    hrmm... I'm kinda pathetic.. My roommate gets back from a week in Jamaica and we talk about MD5 collisions.. hehe..

    So how long until SHA-1 is this bad? SHA-256... SHA-384... SHA-512... What's next for us in the world of hashing...

    Peace,
    HT

  3. #3
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    I saw this on FD yesterday... my roommate and I were discussing it last night... I'm glad that I skipped MD5 and went with SHA-1 hashing on the last website I wrote..
    If it's talked about, it's probably already done, or well on its way to being done.

    SHA-1 was talked about not long after MD5, if memory serves me correctly, watch out.
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  4. #4
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,915
    Originally posted here by jinxy
    If it's talked about, it's probably already done, or well on its way to being done.

    SHA-1 was talked about not long after MD5, if memory serves me correctly, watch out.
    That's true it was.... However, that'll be a year from now almost... However, all I have to do is survive a year.. then I'm no longer responsible for supporting the site. I've got about 4 months left on that year.... I don't think we'll see something similar to this for SHA-1 in the next 4 months *crosses fingers*

    Peace,
    HT

  5. #5
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    HT, if my memory serves me correctly SHA-1 had a problem within a month of MD5?
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  6. #6
    Kwiep
    Join Date
    Aug 2001
    Posts
    924
    Would've been fun looking at Swordfish, where the guy must crack some code while getting a *******... "This is gonna take 45 minutes, so you just keep going aight"
    Double Dutch

  7. #7
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,915
    Originally posted here by jinxy
    HT, if my memory serves me correctly SHA-1 had a problem within a month of MD5?
    Yeah... shhhh.. I'm still figuring it'll be longer than 4 months before we see something comparable...

    neel: getting a ******* while yer on the PC is awesome..

    Peace,
    HT

  8. #8
    Blast From the Past
    Join Date
    Jan 2003
    Posts
    729
    I wouldn't know
    work it harder, make it better, do it faster, makes us stronger

  9. #9
    Senior Member bAgZ
    Join Date
    Jul 2001
    Posts
    206
    It is possible to find a collision in SHA-1 in 2^69 operations. I think this was discovered by the Chinese professors. This was announced on Crypto 2005. Use SHA-256 to truncate the output to 160 bits. It's the fastest workaround. I found this on the web:

    Technical Overview: Such attacks first pinpoint a favorable message differential D, such that two messages m and m XOR D have a higher than expected probability of having the same hash value. Depending on the differential, some number of probabilistic conditions must be met. The work of [WYY] employed a technique called "message modification" to eliminate some of these conditions which appeared in the early stages of the hash compression function. This reduction allowed them to achieve an overall complexity of 2^69 for the collision attack.

    Also have a look here for more info: http://www.schneier.com/blog/archive...a1_broken.html

  10. #10
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401

    Re: MD5 Pwned

    Originally posted here by thehorse13
    MD4 collisions can be found in a few seconds (but nobody uses that any more), {...}
    Huh?

    NT-type passwords are derived by converting the user's password to Unicode, and using MD4 to get a 16-byte one-way hash.
    http://is-it-true.org/nt/atips/atips92.shtml
    Oliver's Law:
    Experience is something you don't get until just after you need it.
