PDA

View Full Version : Exploiting MD5


evilcry
September 25th, 2005, 03:10
Here an intersting article that explains how to "exploit" MD5's collisions

http://www.codeproject.com/useritems/HackingMd5.asp

There is also an intersting demo application written in C#

Hope could interest someone

Have a nice day

dELTA
September 25th, 2005, 06:36
Thanks for the tip.

bilbo
September 26th, 2005, 11:13
Finally some code to play with, after Chinese exploits!
Thanks, bilbo

0xf001
September 26th, 2005, 21:05
thanks for the tip !

starting from that page one could get a huge amount of information

but i was a bit disappointed by the presented code - that is just an implementation of the "exploit" which imho does not show anything.

the most valuable info (personal opinion!! ) i still found here:

http://www.infosec.sdu.edu.cn/paper/md5-attack.pdf

as it describes the approach on how to find collisions.
i am quite sure this doc was allready posted

the info

if H(a) == H(b) then applies H(a+x) == H(b+x)

whereby x is your real data and a,b is a collision vector

is imho the most relevant on the topic and colission vectors are present on the internet (also in the mentioned source)
the art then is to find a way dealing with the different binary formats to incorporate the collision. as you have to prepend something (the one "plaintext" of your collision) to your data which can be tricky (the resulting file should still work with your data)

what i find really cool is this effort which also spread in the news

http://www.win.tue.nl/~bdeweger/CollidingCertificates/CollidingCertificates.pdf

this combined technique should be most shocking as it is applied onto X.509 certificates hehehe

cheers, 0xf001

LLXX
September 27th, 2005, 02:32
Very nice discovery. And a few years ago we all thought it was impossible to generate MD5 collisions within a short amount of time. I predict that within the next few years MD5 will be as secure as CRC32 is today, with the speed of computer hardware increasing at its present rate.

What would really be interesting would be arbitary binary data that MD5'd to some 16-byte long ASCII message. However at the moment it is still nearly impossible to reverse MD5. All we can do is generate collisions quickly.

evilcry
October 1st, 2005, 03:14
Really intersing links 0xf001
thanks

homersux
November 15th, 2005, 19:58
Not sure if this is worth a separate thread, but the source code of finding md5 collision has been published. The story was covered on slashdot. It takes roughly 50 minutes on modern PC to find MD5 collisions.

dELTA
November 16th, 2005, 13:49
Yep:

http://www.stachliu.com/collisions.html

LLXX
November 17th, 2005, 01:19
Quote:
[Originally Posted by dELTA]Yep:

http://www.stachliu.com/collisions.html

Wow. 45 minutes on a 1.6GHz P4, and my machine is ~2.5x that speed (4.17GHz P4). What's even more interesting is the MD4 collision finder below that - "Average runtime on 1.6GHz P4 - 5 seconds" Going to try these out on my machine... thanks for the link

This is the type of software that should be written in very highly optimised Asm, not standard C.

homersux
November 18th, 2005, 19:52
If you've read the source code, there is not much to do in the algorithm section of the code in terms of highly optimized asm.

evilcry
November 23rd, 2005, 03:19
Here the win21 porting for MD5
http://pub1.positivenetworks.net/~dispensa/md5coll.zip



and now all MD5 implementations need to be rewritten

Have a nice day!