MD5 and SHA cracked/broken...
Sam Holden
sholden at flexal.cs.usyd.edu.au
Sun Sep 12 23:16:17 EDT 2004
On 12 Sep 2004 20:11:11 -0700, Paul Rubin <> wrote:
> Sam Holden <sholden at flexal.cs.usyd.edu.au> writes:
>> Creating a collision between a "useful" file which people can
>> examine and use and a "trojan" file which does "bad things" is
>> significantly more difficult than creating two files whose
>> MD5 sums collide but whose contents are essentially "random".
>
> Of course it's not. Just have a block of random-looking data
> somewhere in the file, like in a bitmap image or something. Who's
> going to notice, if the bitmap doesn't actually get displayed?
Creating a collision of files containing some desired data plus a block
of "random" data is different than creating collisions of files that
contain purely "random" data.
You can do both via brute force, generate until I find a match, approaches
given enough time. But a crack against the algorithm may be not work
for the "desired data" case - it may just give "random" byte sequences.
--
Sam Holden
More information about the Python-list
mailing list