| Subcribe via RSS

MD5/MD4 Collision Generator(s).

November 15th, 2005 Posted in Technology

This is actually a big thing (that I haven't seen talked about a lot) - someone has posted a working program capable of generating MD5/4 collisions in under 45 minutes on a 2.4 GHZ processor.

Bugtrack Email here

Website with Source

This is significant because previously, while everyone knew that MD5 was basically worthless at this point (due to the How to Break MD5 and Other Hash Functions paper, people continues to say "but there's no exploit code!".

Now there is. People need to start using something in the realm of SHA-256 for hashing (SHA-1 is "weaker" then expected) or some other authenticity method, but really, MD5 is worthless, and SHA-1 is going to go down as well.

You can see Bruce Schneier's writing on this as well.

Add: Oh look. Slashdot finally caught it

This entry was posted on Tuesday, November 15th, 2005 at 1:49 pm and is filed under Technology. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

2 Responses to “MD5/MD4 Collision Generator(s).”

  1. Matt Wilson Says:

    November 16th, 2005 at 1:58 am

    What does the table on the linked site mean?

    I don’t understand it. Are they showing a bunch of inputs that hash to the same value?


  2. Allen Says:

    November 23rd, 2005 at 6:26 am

    well there goes the niegborhood.. hmm MD6 anyone?


Leave a Reply