MD5 Collisions - Implications
A few weeks ago I wrote a short piece about MD5 hash collisions and how this could have implications on how we use MD5 in cryptography. Well, a group of researchers Arjen Lenstra (Lucent Bell Labs and Technische Universiteit Eindhoven), Xiaoyun Wang (Shandong University, Jinan, China) and Benne de Weger (Technische Universiteit Eindhoven) have released a paper on how they produced a pair of valid X.509 certificates which are based on the MD5 hash-function and that have identical signatures.
Another interesting link - http://cryptography.hyperlink.cz/md5/MD5_collisions.pdf. They used a 1.6GHz Intel Pentium notebook PC to find MD5 collisions in about 8 hours! Interested readers might find the links on this page interesting - http://cryptography.hyperlink.cz/MD5_collisions.html.
Once you have a crack in the dam wall and a trickle starts to flow, a full-blown breach is only a matter of time.