Re: md5 collision

matt_left_coast <not@xxxxxxxxxx> writes:

>Peter Pearson wrote:

>> matt_left_coast wrote:
>>> Unruh wrote:
>>>>>When dealing with the first case, you create the first of the two files,
>>>>>then the file IS known. Then you would be dealing with the second case.
>>>> But you have to create them together. You cannot create one and then
>>>> make another which has the same md5.
>>> Exact process, please.
>> The logic here escapes me. Unruh appears to be claiming that
>> you cannot do something ("cannot create one and then make
>> another which has the same md5"), and matt_left_coast appears
>> to be asserting that Unruh should support that claim by
>> detailing how to do something. You cannot show that something
>> is impossible by showing how to do something. If
>> matt_left_coast wishes to claim that one can find a preimage
>> to a given hash, it's up to him to specify how.
>> A recent paper on md5 attacks is "Improved Collision Attack on MD5"
>> by Yu Sasaki, Yusuke Naito, Noboru Kunihiro, and Kazuo Ohta,
>> available at The procedure
>> is outlined in section 3.4. While the details are not essential
>> to this discussion, the alert reader will note that the attack
>> does *not* produce a preimage for a given hash, but rather produces
>> a pair of messages whose hashes match. Unruh is quite right.

>Are the two files useful for ANYTHING? What are you going to do, put up one
>of the files for download and swap it for the other? Yeah, you can generate
>virtually random files that have the same MD5 value but what is the use? It
>is a meaningless exercise in mental masturbation. Other than to prove it
>can be done, what use is it? Can you come up with a truly useful "attack"
>that could be based on this?

No. The two files can contain some random parts, but that can be hidden in
many file formats. Ie, it is easy to create two different word files which
have some random junk in the file area which is not used by word to create
the text such that the two files have the same md5 hash.

>Quite frankly, people worried about the MD5 thing are nuts, the likelyhood
>that 2 legitimate files exist in any place where it could be an issue is so
>ridiculously remote and other issues so much more important that it is
>probably not worth the effort devoted to this discussion.

No it is not. It is now easy for a crook to have you give you one document, and
then produce another with entirely different text but with exactly the same
MD5 hash which is what he claims he signed.