hello everybody, last month we presented in a lightning talk at PacSec
a few interesting and somehow new things related to MD5 collisions: 2
different Win32 .EXE files with the same MD5 hash, and 4 different files
(inputs) with the same MD5 hash.
These are direct results of reimplementing the already known attacks on
MD5, specifically abusing the fact that collisions can be generated for
arbitrary IVs.
Today we are releasing some new stuff:
- The 4 colliding files have been increased to 8 files (there is no
real limit in the number of colliding files which can be generated, this
is just an example of what can be done).
- Two new Win32 .EXE files, this time with the same MD5 hash and also
the same CRC32, the same checksum 32 and the same checksum 16.
Of course all this is no big theoretical breakthrough, but it's somehow
interesting to have examples to show to the incredulous.
All the information (the files and presentation explaining how to
regenerate the files) from PacSec is now available at
http://www.corest.com/corelabs/projects/research_topics.php.
have fun!
gera
