At last, the secret of how to make MD5 collisions is out! See http://cryptography.hyperlink.cz/MD5_collisions.html. This includes the Wang report, probably the one which will be presented at Eurocrypt: http://www.infosec.sdu.edu.cn/paper/md5-attack.pdf. As a bonus, it includes an independent reconstruction of the attack by Vlastimil Klima, http://cryptography.hyperlink.cz/md5/MD5_collisions.pdf. The attack has two parts: finding a first block which almost collides, then finding a second block which eliminates the differences left after the first block. Klima claims that his method is much faster for the first part, taking only 2 minutes compared to an hour for the Wang method. However he was not able to match the Wang performance for the second part; his method is 80 times slower for that. He predicts: "It may be expected that after publishing the Chinese method the overall time for finding a complete collision can fall down to as less as 2 minutes on a PC notebook." Well, now Wang has published her method, linked there on Klima's web site, and so it should be possible in principle to put them both together. No source code is published, but we can create it from the papers. I guess I know what I'll be hacking on this weekend!
participants (1)
-
Anonymous