| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 02 Dec 2005 19:48:16 -0300 From: Gerardo Richarte <gera@...est.com> To: bugtraq@...urityfocus.com Subject: more MD5 colliding examples hello everybody, last month we presented in a lightning talk at PacSec a few interesting and somehow new things related to MD5 collisions: 2 different Win32 .EXE files with the same MD5 hash, and 4 different files (inputs) with the same MD5 hash. These are direct results of reimplementing the already known attacks on MD5, specifically abusing the fact that collisions can be generated for arbitrary IVs. Today we are releasing some new stuff: - The 4 colliding files have been increased to 8 files (there is no real limit in the number of colliding files which can be generated, this is just an example of what can be done). - Two new Win32 .EXE files, this time with the same MD5 hash and also the same CRC32, the same checksum 32 and the same checksum 16. Of course all this is no big theoretical breakthrough, but it's somehow interesting to have examples to show to the incredulous. All the information (the files and presentation explaining how to regenerate the files) from PacSec is now available at http://www.corest.com/corelabs/projects/research_topics.php. have fun! gera
Powered by blists - more mailing lists