Farelf, Posted January 27, 2009

O/T to continue in the original post's subject but to follow-up:

...In that case a researcher demonstrated a 'collision' (two different strings with the same hash value) using a partial implementation of the MD5 algorithm. Worth remembering that within months collisions were exhibited on short strings using the 'proper'/full MD5 function and that further collisions on similar principles were demonstrated on SHA-0, MD4, HAVAL-128, and RIPEMD algorithms in short order. Also worth remembering that a collision is not cracking the algorithm - the hash values cannot be predicted, just they can no longer be assumed unique (and, the hash value being of finite length, that could never be taken to be the case anyway). The likelihood of real-world collision (probably) decreases with the length of the string being hashed. AFAIK, MD5 is still perfectly adequate for all but the most stringent applications (and even then might tend still to be used, only in conjunction with one or more other algorithms)...

Update on that:

Summary (Dec 30 2008)

We have identified a vulnerability in the Internet Public Key Infrastructure (PKI) used to issue digital certificates for secure websites. As a proof of concept we executed a practical attack scenario and successfully created a rogue Certification Authority (CA) certificate trusted by all common web browsers. This certificate allows us to impersonate any website on the Internet, including banking and e-commerce sites secured using the HTTPS protocol. Our attack takes advantage of a weakness in the MD5 cryptographic hash function that allows the construction of different messages with the same MD5 hash. This is known as an MD5 "collision". Previous work on MD5 collisions between 2004 and 2007 showed that the use of this hash function in digital signatures can lead to theoretical attack scenarios. Our current work proves that at least one attack scenario can be exploited in practice, thus exposing the security infrastructure of the web to realistic threats.

http://www.win.tue.nl/hashclash/rogue-ca/

So - an actual/practical exploitation of the MD5 weakness. A very short piece of 'text' involved, computing resource included a 'supercomputer' consisting of 200 banked PS3s, but the writing is well and truly on the wall with this progression of the attack on this hash function. As the authors of the paper say, "MD5 considered harmful today."
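One defensive check that follows from the above, as an added example that is not code from the post or from the hashclash authors: a small DER walk that reads the outer signatureAlgorithm of an X.509 certificate and flags MD5 (and the older MD2/MD4) RSA signatures. The OIDs are the real PKCS#1 values; the two sample certificates are constructed skeletons, not real certificates.

```python
WEAK_SIG_OIDS = {"1.2.840.113549.1.1.4": "md5WithRSAEncryption",   # real PKCS#1 OIDs
                 "1.2.840.113549.1.1.2": "md2WithRSAEncryption",
                 "1.2.840.113549.1.1.3": "md4WithRSAEncryption"}

def _read_tlv(buf, pos):
    """Parse one DER tag-length-value at pos -> (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                   # long-form length (real certs use it)
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def _decode_oid(raw):
    """Decode DER OBJECT IDENTIFIER contents into dotted form."""
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                # last base-128 digit of this arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def signature_algorithm(cert_der):
    """Return the dotted OID from Certificate.signatureAlgorithm (RFC 5280)."""
    tag, cert, _ = _read_tlv(cert_der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _tbs, pos = _read_tlv(cert, 0)         # tbsCertificate, skipped
    tag, alg_id, _ = _read_tlv(cert, pos)     # signatureAlgorithm
    tag_oid, oid, _ = _read_tlv(alg_id, 0)    # its algorithm OID
    if tag != 0x30 or tag_oid != 0x06:
        raise ValueError("malformed AlgorithmIdentifier")
    return _decode_oid(oid)

def weak_signature(cert_der):
    """Name of the broken hash-based signature scheme, or None if not flagged."""
    return WEAK_SIG_OIDS.get(signature_algorithm(cert_der))

def _tlv(tag, body):                    # short-form encoder, enough for the samples
    return bytes([tag, len(body)]) + body

def _sample_cert(sig_oid_hex):
    """Constructed skeleton cert: placeholder tbs, AlgorithmIdentifier, dummy sig."""
    tbs = _tlv(0x30, _tlv(0x02, b"\x01"))               # just a serial number
    alg = _tlv(0x30, _tlv(0x06, bytes.fromhex(sig_oid_hex)) + b"\x05\x00")
    return _tlv(0x30, tbs + alg + _tlv(0x03, b"\x00\xde\xad"))

SAMPLE_MD5_CERT = _sample_cert("2a864886f70d010104")     # md5WithRSAEncryption
SAMPLE_SHA256_CERT = _sample_cert("2a864886f70d01010b")  # sha256WithRSAEncryption
```

A real DER certificate (for example the output of `openssl x509 -outform DER`) can be passed to weak_signature() unchanged, since the parser only reads the outer SEQUENCE and skips tbsCertificate.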