MD5 Now Really Broken
So this isn't news (at all) to cryptographers, but I thought it was worth mentioning: MD5 is now really, really broken. I have two letters I printed sitting on my desk. Both of them are addressed to Julius Caesar, same date, etc. One of them says:
"Alice Falbala fulfilled all the requirements of the Roman Empire intern position. She was excellent at translating Roman into her Gaul native language, learned very rapidly, ...[...more such text...]
Sincerely,
Julius Caesar"
Basically, a letter of recommendation to hire someone. The second letter says:
"Order: Alice Falbala is given full access to all confidential and secret information about GAUL.
Sincerely,
Julius Caesar"
OK, so why is this interesting? I printed the two letters from PostScript files. The two PostScript files are identical in size and, more to the point, they have the same MD5 hash. That's an amazing thing. MD5 is a one-way cryptographic hash function: its sole purpose is to generate a 128-bit "summary" of a message of any size, such that it is extremely unlikely that two messages produce the same 128 bits (and also such that any minute change in the message results in a completely different hash). Its security rests on 1) it being very, very "hard" to find two such messages (collision resistance), and 2) it being very, very hard to deduce anything about the original message from the hash result (preimage resistance).
Property #1 is now clearly broken in practical ways. A digital signature covers the hash of the document, not the document itself, so had Caesar digitally signed the first document, he would also have unwittingly digitally signed the second!
Here's the site where they describe this demonstration: http://www.cits.rub.de/MD5Collisions/
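As an added illustration (not code from the original post or from the CITS demonstration), the script below checks the published Wang et al. (2004) MD5 collision pair, two 128-byte inputs that differ in six bytes yet share one MD5 digest, and shows the Merkle-Damgård property the two-letter trick relies on: once two equal-length inputs collide, any common suffix appended to both keeps the MD5 digests equal, while a prefix placed in front of them breaks the collision and SHA-256 tells the inputs apart throughout. The trailer bytes are constructed for this example.

```python
import hashlib

# Published Wang et al. (2004) MD5 collision pair: two 128-byte messages that
# differ in six bytes but share one MD5 digest. Not from the original post.
_BLOCK_A = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70"
)
_BLOCK_B = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70"
)

def colliding_pair():
    return _BLOCK_A, _BLOCK_B

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def differing_offsets(a: bytes, b: bytes) -> list:
    """Byte positions at which the two inputs differ."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]

def digests_agree(a: bytes, b: bytes, algo: str) -> bool:
    """True when both inputs hash to the same value under the named hashlib algorithm."""
    return hashlib.new(algo, a).digest() == hashlib.new(algo, b).digest()

def collision_survives_suffix(a: bytes, b: bytes, suffix: bytes) -> bool:
    """Merkle-Damgård: equal-length colliding inputs still collide after any common suffix."""
    return md5_hex(a + suffix) == md5_hex(b + suffix)

def collision_survives_prefix(a: bytes, b: bytes, prefix: bytes) -> bool:
    """A common prefix changes the chaining value, so the collision is expected to break."""
    return md5_hex(prefix + a) == md5_hex(prefix + b)

if __name__ == "__main__":
    a, b = colliding_pair()
    # Constructed trailer standing in for a shared document body that follows the colliding blocks.
    trailer = b"\n%% shared document body, constructed for this example\n" * 4
    print("differ at offsets        :", differing_offsets(a, b))
    print("md5 equal                :", digests_agree(a, b, "md5"), md5_hex(a))
    print("sha256 equal             :", digests_agree(a, b, "sha256"))
    print("md5 equal + common suffix:", collision_survives_suffix(a, b, trailer))
    print("md5 equal + common prefix:", collision_survives_prefix(a, b, trailer))
```

Replacing MD5 with SHA-256 in the signing workflow is what makes the second letter distinguishable from the first.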