MD4 and MD5 Collision Source Code Released

[n4tec]

SiliconEntity writes "The crypto world was shaken to its roots last year with the announcement of a new algorithm to find collisions in the still widely-used MD5 hash algorithm. Despite considerable work and commentary since then, no source code for finding such collisions has been published. Until today! Patrick Stach has announced the availability of his source code for finding MD5 collisions and MD4 collisions (Coral cache links provided to prevent slashdotting).

Source: Slashdot

 

[Bryon]

Oo, time to crack some md5's I have somewhere's around here.. *looks around*


That is pretty cool though, I wonder what this means for the hashing method, overall though.. Doesn't look all that great. :-\

 

[MicrotechXP]

What is this for anyways? What is it used for?

 

[Bryon]

Hash Collision: In computer science, a hash collision is a situation that occurs when two distinct inputs into a hash function produce identical outputs.
en.wikipedia.org/wiki/Hash_collision

Thus, if I get an md5 hash, and cannot brute force it within a reasonable time frame, I could just use the "source" of the collision finder to create a collision. Then I would have two md5 hashes, one I know the "input" for, and another that I have no clue what it is. I could then use the string that was md5'ed as a "password", (If say the first un-cracked md5 was used for a password), and login.

I hope you understand what I mean, eh. Just got home, and I cannot think well for a few reasons.

 

[Bryon]

Why not the Secure Hash Algorithm - 512? Haha.

I just use MD5.. It's not like I'm protecting vital information.. Next time I re-do any login/registration scripts I will change it..

 

[n4tec]

Why not the Secure Hash Algorithm - 512? Haha.

I just use MD5.. It's not like I'm protecting vital information.. Next time I re-do any login/registration scripts I will change it..

there is no problem with SHA-512 and SHA-256 but SHA-0 and SHA-1 are not recommended to be used..