Any hashing function that returns a fixed-size string will of course have collisions: a finite amount of output, an infinite amount of input. It is the strength of the function that makes it difficult to find these collisions and limits their number as best it can; however, when you can start to predict these collisions it is safe to say the hash has been broken.

Go look at Linux distro download sites. What do they use to validate a valid ISO? MD5. Now that we can predict collisions, we can theoretically create two ISOs with the same hash but very different data, let's say a logging method attached to the PAM modules. It is also not just ISOs; many applications use MD5 to ensure the validity of their binaries, and what of Tripwire, can we trust it anymore?

While I'm sure a preimage attack is a long way off, as I said in my previous post, seeing a Cell processor churn out 1.8 billion hashes a second, MD5 is as good as broken (well, in mine and many other security experts' eyes).

Quote:
Originally Posted by oofki