Re: Moving away from MD5
> On Mon, 23 Jun 1997, Thomas Koenig wrote:
> > I think we should start moving away from MD5 as our main hash function.
> > MD5 has known weaknesses so that an attacker can quite possibly create
> > two files, differing maybe in a single bit or in quite a few bytes, but
> > having the same MD5 checksum.
> BTW: Just curiosity: I would be delighted to see two different files
> having the same md5sum. Do you have a simple example?
I'd be delighted to see two files with just a single bit changed
have the same MD5 checksum too: given one file of length L, there
are only L*8 bits you can change. As an md5sum is 128 bits long, it can
take 2**128 values, i.e. significantly more possibilities than you have
in flipping bits. So, for file sizes smaller than say 500M Bytes,
I'd say you need at least 4 bit-flips to have a reasonable chance of
getting the same md5sum back. I don't really believe it's possible to
get the same MD5 checksum by just flipping one bit. But 4 bits, yes,
it should be theoretically possible.
500M Byte = 2**32 bits. With those 4 bit-flips, you can make
(2**32)**4 combinations = 2**128 = number of different md5sums.
joost witteveen, firstname.lastname@example.org
#what's this? see http://www.dcs.ex.ac.uk/~aba/rsa/
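The counting argument in the message above, worked through as an added example (this is not code from the thread or from the author): it counts how many files you can reach from a file of a given size by flipping exactly k bits, compares that count with the 2**128 possible MD5 values, and, for single-bit flips, actually hashes every variant of a small constructed sample. Assumptions: the 2**29-byte figure stands for the message's "500M Byte = 2**32 bits", the sample string is constructed, and Python 3.8+ is used for math.comb.

```python
import hashlib
from math import comb

MD5_BITS = 128  # MD5 digest length in bits


def flip_variants(size_bytes, k):
    """Number of distinct files reachable from a size_bytes-byte file by
    flipping exactly k of its 8*size_bytes bits: C(8*size_bytes, k)."""
    return comb(8 * size_bytes, k)


def min_flips_to_cover_space(size_bytes, bits=MD5_BITS):
    """Smallest k for which the exact-k-flip neighbourhood has at least
    2**bits members, i.e. at least as many variants as digest values.
    Returns None when no k works: a file of fewer than ~130 bits has fewer
    than 2**128 variants in total, however many bits are flipped."""
    total_bits = 8 * size_bytes
    for k in range(1, total_bits + 1):
        if flip_variants(size_bytes, k) >= 2 ** bits:
            return k
    return None


def expected_same_digest_variants(size_bytes, k, bits=MD5_BITS):
    """If MD5 behaved like a random function, the expected number of
    exact-k-flip variants sharing the original file's digest is
    variants / 2**bits."""
    return flip_variants(size_bytes, k) / 2.0 ** bits


def single_flip_same_md5(data):
    """Hash every single-bit-flip variant of `data` and count those whose
    MD5 equals the original's. This is the exhaustive check the message
    reasons about; it is cheap for single flips because there are only
    8*len(data) of them."""
    original = hashlib.md5(data).digest()
    hits = 0
    for byte_index in range(len(data)):
        for bit in range(8):
            variant = bytearray(data)
            variant[byte_index] ^= 1 << bit  # flip exactly one bit
            if hashlib.md5(variant).digest() == original:
                hits += 1
    return hits


if __name__ == "__main__":
    # 2**29 bytes = 2**32 bits, the "500M Byte" figure from the message (assumption).
    big = 2 ** 29
    for k in range(1, 6):
        log2_variants = flip_variants(big, k).bit_length() - 1
        print(f"{k} flip(s) on a {big}-byte file: about 2**{log2_variants} variants")
    print("flips needed to reach 2**128 variants:", min_flips_to_cover_space(big))
    print("expected same-digest 4-flip variants if MD5 were random:",
          expected_same_digest_variants(big, 4))
    # Constructed sample input, not a file from the thread.
    sample = b"Debian-devel, June 1997: moving away from MD5?"
    print("single-bit flips of the sample sharing its MD5:", single_flip_same_md5(sample))
```

Note that C(2**32, 4) is 2**128 divided by 4! = 24, not 2**128: flipping exactly four bits of a 2**32-bit file gives about one twenty-fourth as many variants as there are digest values, and five flips are the first count that exceeds the digest space.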