Here's a little Python script that illustrates the problem, modified from a script found on http://www.freedom-to-tinker.com/archives/000663.html:
MD5CollisionTest.py: import md5 a = "\xd1\x31\xdd\x02\xc5\xe6\xee\xc4\x69\x3d\x9a\x06\x98\xaf\xf9\x5c\x2f\xca\xb5\x87\x12\x46\x7e\xab\x40\x04\x58\x3e\xb8\xfb\x7f\x89\x55\xad\x34\x06\x09\xf4\xb3\x02\x83\xe4\x88\x83\x25\x71\x41\x5a\x08\x51\x25\xe8\xf7\xcd\xc9\x9f\xd9\x1d\xbd\xf2\x80\x37\x3c\x5b\xd8\x82\x3e\x31\x56\x34\x8f\x5b\xae\x6d\xac\xd4\x36\xc9\x19\xc6\xdd\x53\xe2\xb4\x87\xda\x03\xfd\x02\x39\x63\x06\xd2\x48\xcd\xa0\xe9\x9f\x33\x42\x0f\x57\x7e\xe8\xce\x54\xb6\x70\x80\xa8\x0d\x1e\xc6\x98\x21\xbc\xb6\xa8\x83\x93\x96\xf9\x65\x2b\x6f\xf7\x2a\x70" b = "\xd1\x31\xdd\x02\xc5\xe6\xee\xc4\x69\x3d\x9a\x06\x98\xaf\xf9\x5c\x2f\xca\xb5\x07\x12\x46\x7e\xab\x40\x04\x58\x3e\xb8\xfb\x7f\x89\x55\xad\x34\x06\x09\xf4\xb3\x02\x83\xe4\x88\x83\x25\xf1\x41\x5a\x08\x51\x25\xe8\xf7\xcd\xc9\x9f\xd9\x1d\xbd\x72\x80\x37\x3c\x5b\xd8\x82\x3e\x31\x56\x34\x8f\x5b\xae\x6d\xac\xd4\x36\xc9\x19\xc6\xdd\x53\xe2\x34\x87\xda\x03\xfd\x02\x39\x63\x06\xd2\x48\xcd\xa0\xe9\x9f\x33\x42\x0f\x57\x7e\xe8\xce\x54\xb6\x70\x80\x28\x0d\x1e\xc6\x98\x21\xbc\xb6\xa8\x83\x93\x96\xf9\x65\xab\x6f\xf7\x2a\x70" print "a is ", a print print "b is ", b print print "Note the two values are not equal, hence:" print "Value of expression a != b :", a != b print print "However:" print "Value of expression md5.md5(a).hexdigest() == md5.md5(b).hexdigest() : ", md5.md5(a).hexdigest() == md5.md5(b).hexdigest() --- John Hebert <[EMAIL PROTECTED]> wrote: > http://www.freedom-to-tinker.com/archives/000664.html > > quotes below from URL above, see site for links: > > > Report from Crypto 2004 > Here's the summary of events from last night's > work-in-progress session at the Crypto conference. > [See previous entries for backstory.] (I've > reordered > the sequence of presentations to simplify the > explanation.) > > Antoine Joux re-announced the collision he had found > in SHA-0. > > One of the Chinese authors (Wang, Feng, Lai, and Yu) > reported a family of collisions in MD5 (fixing the > previous bug in their analysis), and also reported > that their method can efficiently (2^40 hash steps) > find a collision in SHA-0. This speaker received a > standing ovation, from at least part of the > audience, > at the end of her talk. > > Eli Biham announced new results in cryptanalyzing > SHA-1, including a collision in a reduced-round > version of SHA-1. The full SHA-1 algorithm does 80 > rounds of scrambling. At present, Biham and Chen can > break versions of SHA-1 that use up to about 40 > rounds, and they seem confident that their attacks > can > be extended to more rounds. This is a significant > advance, but it's well short of the dramatic full > break that was rumored. > > Where does this leave us? MD5 is fatally wounded; > its > use will be phased out. SHA-1 is still alive but the > vultures are circling. A gradual transition away > from > SHA-1 will now start. The first stage will be a > debate > about alternatives, leading (I hope) to a consensus > among practicing cryptographers about what the > substitute will be. > > > > > > > __________________________________ > Do you Yahoo!? > New and Improved Yahoo! Mail - 100MB free storage! > http://promotions.yahoo.com/new_mail > > _______________________________________________ > General mailing list > General@brlug.net > http://brlug.net/mailman/listinfo/general_brlug.net > _______________________________ Do you Yahoo!? Win 1 of 4,000 free domain names from Yahoo! Enter now. http://promotions.yahoo.com/goldrush
