lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <4390CF30.8030304@corest.com>
Date: Fri, 02 Dec 2005 19:48:16 -0300
From: Gerardo Richarte <gera@...est.com>
To: bugtraq@...urityfocus.com
Subject: more MD5 colliding examples


	hello everybody, last month we presented in a lightning talk at PacSec
a few interesting and somehow new things related to MD5 collisions: 2
different Win32 .EXE files with the same MD5 hash, and 4 different files
(inputs) with the same MD5 hash.

	These are direct results of reimplementing the already known attacks on
MD5, specifically abusing the fact that collisions can be generated for
arbitrary IVs.

	Today we are releasing some new stuff:

	- The 4 colliding files have been increased to 8 files (there is no
real limit in the number of colliding files which can be generated, this
is just an example of what can be done).

	- Two new Win32 .EXE files, this time with the same MD5 hash and also
the same CRC32, the same checksum 32 and the same checksum 16.

	Of course all this is no big theoretical breakthrough, but it's somehow
interesting to have examples to show to the incredulous.

	All the information (the files and presentation explaining how to
regenerate the files) from PacSec is now available at
http://www.corest.com/corelabs/projects/research_topics.php.

	have fun!
	gera


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ