Tim Peters <tim.peters@gmail.com> writes:
[Michael Hudson, on 30 June 2004]
Nevertheless, am I right to still believe that there are no known distinct strings which even MD5 to the same hash?
[Andrew Kuchling]
Correct.
And two months later, the world is all different again:
Heh, I'd already blogged about that: http://starship.python.net/crew/mwh/blog/nb.cgi/view/weblog/2004/08/18/0
"""
import md5
S = ('\xd11\xdd\x02\xc5\xe6\xee\xc4i=\x9a\x06\x98\xaf\xf9\\' '/\xca\xb5\x87\x12F~\xab@\x04X>\xb8\xfb\x7f\x89U\xad4' '\x06\t\xf4\xb3\x02\x83\xe4\x88\x83%qAZ\x08Q%\xe8\xf7' '\xcd\xc9\x9f\xd9\x1d\xbd\xf2\x807<[\x96\x0b\x1d\xd1' '\xdcA{\x9c\xe4\xd8\x97\xf4ZeU\xd55s\x9a\xc7\xf0\xeb' '\xfd\x0c0)\xf1f\xd1\t\xb1\x8fu\'\x7fy0\xd5\\\xeb"' '\xe8\xad\xbay\xcc\x15\\\xedt\xcb\xdd_\xc5\xd3m\xb1' '\x9b\n\xd85\xcc\xa7\xe3')
T = ('\xd11\xdd\x02\xc5\xe6\xee\xc4i=\x9a\x06\x98\xaf\xf9\\' '/\xca\xb5\x07\x12F~\xab@\x04X>\xb8\xfb\x7f\x89U\xad4' '\x06\t\xf4\xb3\x02\x83\xe4\x88\x83%\xf1AZ\x08Q%\xe8\xf7' '\xcd\xc9\x9f\xd9\x1d\xbdr\x807<[\x96\x0b\x1d\xd1\xdcA{' '\x9c\xe4\xd8\x97\xf4ZeU\xd55s\x9aG\xf0\xeb\xfd\x0c0)' '\xf1f\xd1\t\xb1\x8fu\'\x7fy0\xd5\\\xeb"\xe8\xad\xbayL' '\x15\\\xedt\xcb\xdd_\xc5\xd3m\xb1\x9b\nX5\xcc\xa7\xe3')
assert S != T
print md5.new(S).hexdigest()
print md5.new(T).hexdigest()
print "oops"
"""
A number of hash functions got cracked since this thread started, by some researchers in China:
Is there any resource that explains these guys' results any more fully? The only examples I've seen only differ in a very few bits.
MD5 is truly dead now for "secure" applications.
I'd say it's resting :)
Maybe someone who gives a rip <wink> could update the docs.
Best I understand it, SHA-1 still stands, although a variant with half the rounds has been cracked. It does increase the desirability (IMO) of adding SHA-256, lest SHA-1 get cracked too while Python 2.4.j is still current.
I'm hardly an expert, but I'd still like to know more about this attack. If it's as limited as it could possibly be (i.e. it can only make very specific strings differing by a handful of bits hash the same) then it's only an issue for the paranoid. If it's as wide as it could possibly be it seems that all hash functions we currently know could be doomed.

Cheers,
mwh

-- 
  Q: Isn't it okay to just read Slashdot for the links?
  A: No. Reading Slashdot for the links is like having "just one hit" off the crack pipe.
     -- http://www.cs.washington.edu/homes/klee/misc/slashdot.html#faq
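An added example, not part of the original message: a Python 3 check of the S/T pair quoted above that counts how many bits differ and tests whether the collision survives a shared suffix or a shared prefix (a step beyond what the post shows). T is rebuilt from S by flipping the top bit at the six offsets where the posted strings differ; the helper names and the sample suffix are assumptions made for this example.

```python
import hashlib

# S from the post, transcribed to hex (128 bytes = two MD5 blocks).
S = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c"
    "2fcab58712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e488832571415a"
    "085125e8f7cdc99fd91dbdf280373c5b"
    "960b1dd1dc417b9ce4d897f45a6555d5"
    "35739ac7f0ebfd0c3029f166d109b18f"
    "75277f7930d55ceb22e8adba79cc155c"
    "ed74cbdd5fc5d36db19b0ad835cca7e3"
)

# Byte offsets at which the posted T differs from S (top bit only).
FLIPPED_OFFSETS = (19, 45, 59, 83, 109, 123)


def make_t(s):
    """Rebuild T from S by flipping bit 7 at each differing offset."""
    t = bytearray(s)
    for off in FLIPPED_OFFSETS:
        t[off] ^= 0x80
    return bytes(t)


T = make_t(S)


def differing_bits(a, b):
    """Hamming distance between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def collides(a, b, algo="md5"):
    """True when a and b are distinct inputs with the same digest."""
    return a != b and hashlib.new(algo, a).digest() == hashlib.new(algo, b).digest()


def report():
    extra = b"any shared bytes, chosen freely"  # constructed sample data
    return {
        "differing_bits": differing_bits(S, T),
        "md5": collides(S, T),
        "sha1": collides(S, T, "sha1"),
        # Both inputs end on a block boundary with equal internal state,
        # so the same trailing data keeps the MD5 digests equal.
        "md5_with_suffix": collides(S + extra, T + extra),
        # A shared prefix changes the state the two blocks start from.
        "md5_with_prefix": collides(extra + S, extra + T),
    }
```

Calling `report()` shows that the pair differs in only six bits, yet the MD5 match carries over to any pair built by appending the same data to both, while SHA-1 and a shared prefix both tell the two inputs apart.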