Programming

MD5 Collisions - Implications

A few weeks ago I wrote a short piece about MD5 hash collisions and how this could have implications on how we use MD5 in cryptography.  Well, a group of researchers Arjen Lenstra (Lucent Bell Labs and Technische Universiteit Eindhoven), Xiaoyun Wang (Shandong University, Jinan, China) and Benne de Weger (Technische Universiteit Eindhoven) have released a paper on how they produced a pair of valid X.509 certificates which are based on the MD5 hash-function and that have identical signatures.

http://www.win.tue.nl/~bdeweger/CollidingCertificates/

Another interesting link - http://cryptography.hyperlink.cz/md5/MD5_collisions.pdf.  They used a 1.6GHz Intel Pentium notebook PC to find MD5 collisions in about 8 hours!  Interested readers might find the links on this page interesting - http://cryptography.hyperlink.cz/MD5_collisions.html.

Once you have a crack in the dam wall and a trickle starts to flow, a full-blown breach is only a matter of time.



Adrian Kingsley-Hughes
Last updated: March 8th 2005
Print This Page   |   Email me when this page changes    |  Search This Site



Crucial.com System Scanner does the work for you!



links.inc"); ?>

Contact Us