Originally posted by: w0ss
From reading many articles I see everyone saying how MD5 has been cracked and it is no longer secure. I searched Google and can't find any really technical discussions. The best I can find about what was really done to show MD5 is not secure is to have 2 different outputs produce the same MD5 hash. Is that all that was done?
The recent papers on MD5 have shown how an attacker can create two messages that have the same MD5 hash. Thus an attacker can send you one message (you agree to pay $100), which you happily digitally sign (digital signatures are done on the message hash for security reasons, not the message itself). When the attacker tells the judge that you owe him $500 instead, he presents the message that states that you owe him $500 as proof, since you signed its MD5 hash, which is the same as the hash of the first message you saw.
However, no one can do a preimage attack (yet) on MD5. A preimage attack means that given a hash, you could generate a file that produces that hash. If preimage attacks were possible, all old MD5 hash security would be invalid, but with only collision attacks, we only have to worry about using MD5 hashes in digital signatures and such in the future.
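The $100/$500 forgery described in the answer above, carried through end to end as an added example (not part of the original thread). It uses the publicly known 128-byte MD5 collision pair published by Wang et al. in 2004, then exploits a property of MD5's Merkle-Damgård construction: once two inputs of the same length collide, their internal state is identical, so appending the same suffix to both keeps them colliding. The suffix here is a constructed two-faced "document format" that contains both contract texts and lets a renderer pick one based on a byte of the colliding prefix (the trick used in the PostScript and X.509 demonstrations of that era). The signature scheme is a toy textbook RSA with fixed Mersenne primes and no padding, assumed here only so that hash-then-sign can be shown; `render`, `SUFFIX`, `forge_demo` and the key constants are all constructed for this example.

```python
import hashlib

# Published MD5 collision pair (Wang et al., 2004): two distinct 128-byte
# inputs with the same MD5 digest. They differ only in bytes
# 19, 45, 59, 83, 109 and 123, by 0x80 each.
BLOCK_A = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70"
)
BLOCK_B = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70"
)


def md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()


def collides(a: bytes, b: bytes) -> bool:
    """True when two *different* inputs hash to the same MD5 digest."""
    return a != b and md5(a) == md5(b)


# Toy textbook RSA for illustration only (constructed here; no padding,
# fixed Mersenne primes, NOT a real signature scheme). N exceeds 2**128,
# so a raw 128-bit MD5 digest fits as the "message" being signed.
P = 2**61 - 1
Q = 2**89 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))


def sign(message: bytes) -> int:
    """Hash-then-sign: the signature covers md5(message), not message itself."""
    return pow(int.from_bytes(md5(message), "big"), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Recompute md5(message) and check it against the signed digest."""
    return pow(signature, E, N) == int.from_bytes(md5(message), "big")


# Constructed two-faced document suffix: it carries BOTH contract texts.
# The renderer shows one of them depending on byte 19 of the 128-byte
# prefix, which is exactly a byte where BLOCK_A and BLOCK_B differ.
SUFFIX = (
    b"#IF prefix[19]==0x87 #THEN\n"
    b"I agree to pay the bearer $100\n"
    b"#ELSE\n"
    b"I agree to pay the bearer $500\n"
    b"#END\n"
)


def render(document: bytes) -> str:
    """What a reader (the victim, or later the judge) actually sees."""
    prefix, body = document[:128], document[128:].decode()
    branch_a, branch_b = body.split("#ELSE\n")
    branch_a = branch_a.split("#THEN\n", 1)[1]
    branch_b = branch_b.split("#END\n", 1)[0]
    return (branch_a if prefix[19] == 0x87 else branch_b).strip()


def forge_demo() -> dict:
    """Victim signs the $100 version; the $500 version verifies under the same signature."""
    doc_100 = BLOCK_A + SUFFIX   # the version shown to, and signed by, the victim
    doc_500 = BLOCK_B + SUFFIX   # the version the attacker keeps for the judge
    sig = sign(doc_100)
    return {
        "same_digest": md5(doc_100) == md5(doc_500),
        "victim_sees": render(doc_100),
        "judge_sees": render(doc_500),
        "signature_verifies_on_forgery": verify(doc_500, sig),
    }


if __name__ == "__main__":
    print("raw blocks collide:", collides(BLOCK_A, BLOCK_B))
    print("still collide with any common suffix:",
          collides(BLOCK_A + b"trailing data", BLOCK_B + b"trailing data"))
    for k, v in forge_demo().items():
        print(f"{k}: {v}")
```

The two properties to take away: the collision survives any common suffix because MD5 processes 64-byte blocks sequentially and the two inputs reach the same internal state after the colliding 128 bytes, and a signature over the digest is therefore a signature over every document sharing that digest. Note also what the example does not do: it starts from a precomputed collision pair, and nothing here finds a second input for a digest chosen in advance, which is the preimage problem the answer says remains out of reach.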