
Re: Moving away from MD5

-- Start of PGP signed section.
> On Mon, 23 Jun 1997, Thomas Koenig wrote:
> > I think we should start moving away from MD5 as our main hash function.
> > MD5 has known weaknesses so that an attacker can quite possibly create
> > two files, differing maybe in a single bit or in quite a few bytes, but
> > having the same MD5 checksum.
> BTW: Just curiosity: I would be delighted to see two different files
> having the same md5sum. Do you have a simple example?

I'd be delighted to see two files with just a single bit changed
have the same MD5 checksum too: given one file of length L, there
are only L*8 bits you can change. As an md5sum is 128 bits long, it can
take 2**128 values, i.e. significantly more possibilities than you have
in flipping bits. So, for file sizes smaller than say 500M Bytes,
I'd say you need at least 4 bit-flips[1] to have a reasonable chance of
getting the same md5sum back. I don't really believe it's possible to
get the same MD5 checksum by just flipping one bit. But 4 bits, yes,
it should be theoretically possible.

[1] 500M Byte = 2**32 bits. With those 4 bit-flips, you can make
    (2**32)**4 combinations = 2**128 = number of different md5sums

joost witteveen, joostje@debian.org
#!/usr/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
#what's this? see http://www.dcs.ex.ac.uk/~aba/rsa/
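Added worked example (editor's addition, not part of the mail above): the counting argument in the message is a pigeonhole bound, so it can be checked by computing how many distinct files are reachable from one file of L bytes by flipping exactly k bits, C(8L, k), and comparing that with the 2**128 possible MD5 digests. The footnote approximates the 4-flip count as (2**32)**4; the exact binomial count is C(2**32, 4), which is smaller by 4! = 24, so the function below first exceeds 2**128 at 5 flips. Either way the bound only says a collision among the variants can exist, not that one can be found; the file size 2**29 bytes (2**32 bits) and the sample input are constructed for the example.

```python
# Added example, not code from the original mail: counts how many files are
# reachable from one file by flipping exactly k bits and compares that with
# the 2**128 possible MD5 digests (the pigeonhole argument in the message).
import hashlib
from math import comb

MD5_BITS = 128
MD5_SPACE = 2 ** MD5_BITS


def md5_digest_bits(data: bytes) -> int:
    """Length of an MD5 digest in bits; hashlib confirms the 128 used above."""
    return len(hashlib.md5(data).digest()) * 8


def variants_with_flips(file_bytes: int, flips: int) -> int:
    """Distinct files reachable from one file of `file_bytes` bytes by flipping
    exactly `flips` bits: choose which of the 8*L bit positions to flip."""
    return comb(8 * file_bytes, flips)


def min_flips_to_cover_digest_space(file_bytes: int, max_flips: int = 64) -> int:
    """Smallest k for which C(8L, k) >= 2**128.  Below that k there are fewer
    variants than digest values, so a collision among them need not exist at
    all; at or above it the pigeonhole principle only says one *can* exist,
    it says nothing about how to find it."""
    for k in range(1, max_flips + 1):
        if variants_with_flips(file_bytes, k) >= MD5_SPACE:
            return k
    raise ValueError("no k <= max_flips covers the digest space")


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Return a copy of `data` with a single bit inverted."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def digest_hamming_distance(a: bytes, b: bytes) -> int:
    """Number of differing bits between the MD5 digests of a and b."""
    da = int.from_bytes(hashlib.md5(a).digest(), "big")
    db = int.from_bytes(hashlib.md5(b).digest(), "big")
    return bin(da ^ db).count("1")


if __name__ == "__main__":
    # Constructed size: 2**29 bytes = 2**32 bits, the "500M Byte" of the footnote.
    size_500m = 2 ** 29
    print("single-bit variants:", variants_with_flips(size_500m, 1), "(= 2**32)")
    print("4-bit variants < 2**128:", variants_with_flips(size_500m, 4) < MD5_SPACE)
    print("flips needed to reach 2**128 variants:",
          min_flips_to_cover_digest_space(size_500m))
    # Constructed sample input: one flipped bit changes roughly half the digest.
    sample = b"Debian package contents (constructed sample data)"
    print("digest bits changed by one flip:",
          digest_hamming_distance(sample, flip_bit(sample, 3)))
```

The last call illustrates the other half of the discussion: a single flipped bit already changes a large share of the 128 digest bits, which is why the one-bit case is the least plausible route to an identical md5sum even before counting.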
