Re: md5 collision

Unruh wrote:

> matt_left_coast <not@xxxxxxxxxx> writes:
>>Unruh wrote:
>>> matt_left_coast <not@xxxxxxxxxx> writes:
>>>>Peter Pearson wrote:
>>>>> matt_left_coast wrote:
>>>>>> Unruh wrote:
>>>>>>>>When dealing with the first case, you create the first of the two
>>>>>>>>files, then the file IS known. Then you would be dealing with the
>>>>>>>>second case.
>>>>>>> But you have to create them together. You cannot create one and then
>>>>>>> make another which has the same md5.
>>>>>> Exact process, please.
>>>>> The logic here escapes me. Unruh appears to be claiming that
>>>>> you cannot do something ("cannot create one and then make
>>>>> another which has the same md5"), and matt_left_coast appears
>>>>> to be asserting that Unruh should support that claim by
>>>>> detailing how to do something. You cannot show that something
>>>>> is impossible by showing how to do something. If
>>>>> matt_left_coast wishes to claim that one can find a preimage
>>>>> to a given hash, it's up to him to specify how.
>>>>> A recent paper on md5 attacks is "Improved Collision Attack on MD5"
>>>>> by Yu Sasaki, Yusuke Naito, Noboru Kunihiro, and Kazuo Ohta,
>>>>> available at The procedure
>>>>> is outlined in section 3.4. While the details are not essential
>>>>> to this discussion, the alert reader will note that the attack
>>>>> does *not* produce a preimage for a given hash, but rather produces
>>>>> a pair of messages whose hashes match. Unruh is quite right.
>>>>Are the two files useful for ANYTHING? What are you going to do, put up
>>>>one of the files for download and swap it for the other? Yeah, you can
>>>>generate virtually random files that have the same MD5 value but what is
>>>>the use? It is a meaningless exercise in mental masturbation. Other than
>>>>to prove it can be done, what use is it? Can you come up with a truly
>>>>useful "attack" that could be based on this?
>>> No. The two files can contain some random parts, but that can be hidden
>>> in many file formats. I.e., it is easy to create two different Word files
>>> which have some random junk in the file area which is not used by Word
>>> to create the text such that the two files have the same md5 hash.
>>In other words, two meaningless files. There is no reason to do this other
>>than to prove it can be done.
>>>>Quite frankly, people worried about the MD5 thing are nuts, the
>>>>likelihood that 2 legitimate files exist in any place where it could be
>>>>an issue is so ridiculously remote and other issues so much more
>>>>important that it is probably not worth the effort devoted to this
>>> No it is not. It is now easy for a crook to have you give you one
>>> document, and then produce another with entirely different text but with
>>> exactly the same MD5 hash which is what he claims he signed.
>>But you said " One cannot create a second file with the same md5 hash as
>>a given file." Here you are saying it would be EASY! Get your stories
> Get your reading straight. I said you cannot create a second file with the
> same md5 hash as a GIVEN file. What is easy is to create two files with
> the same md5 hash.
> He gives you one, but uses the other.

Nope, you stated that he gives me the file "and then produce another".
Re-read what you said. The way you wrote it he produces the second file
AFTER he gave me the first. Get your facts straight.

A comparison of the two proves fraud, not smart.
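
The distinction argued in this thread (two files built together to share a hash, versus a second file matching a given one), as an added example that is not part of any poster's message. It uses MD5 truncated to 20 bits so both searches finish quickly; the truncation, the function names and the sample messages are assumptions made for illustration, and this generic search is not the attack from the cited paper.

```python
import hashlib
from itertools import count

BITS = 20  # assumed toy truncation; real MD5 output is 128 bits


def h(msg: bytes) -> int:
    """MD5 truncated to its top BITS bits (toy stand-in for the full hash)."""
    return int.from_bytes(hashlib.md5(msg).digest()[:4], "big") >> (32 - BITS)


def find_collision(prefix: bytes):
    """Searcher chooses BOTH messages: birthday search, about 2**(BITS/2) hashes."""
    seen = {}
    for i in count():
        m = prefix + str(i).encode()
        d = h(m)
        if d in seen:          # any two candidates that agree will do
            return seen[d], m, i + 1
        seen[d] = m


def find_second_preimage(given: bytes, prefix: bytes):
    """One message is fixed beforehand: brute force, about 2**BITS hashes."""
    target = h(given)
    for i in count():
        m = prefix + str(i).encode()
        if m != given and h(m) == target:   # must hit this one target value
            return m, i + 1


def compare():
    """Run both searches on constructed sample messages and return the results."""
    a, b, n_coll = find_collision(b"contract-")
    given = b"contract-0"
    m2, n_pre = find_second_preimage(given, b"other-")
    return (a, b, n_coll), (given, m2, n_pre)


if __name__ == "__main__":
    (a, b, n_coll), (given, m2, n_pre) = compare()
    print(f"collision pair {a!r} / {b!r} after {n_coll} hashes")
    print(f"second preimage of {given!r}: {m2!r} after {n_pre} hashes")
```

The work gap between the two searches grows with the output size: at full width the generic figures are roughly 2**64 versus 2**128 hashes, which is why a collision shortcut does not by itself yield a match for a given file.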