MD5 and SHA cracked/broken...

[Paul Rubin]

Sam Holden <sholden at flexal.cs.usyd.edu.au> writes:
> Creating a collision of files containing some desired data plus a block
> of "random" data is different than creating collisions of files that
> contain purely "random" data. 

If you look at how md5 actually works, you'd see that remark is
incorrect.  The desired data at the beginning of the file causes the
md5 chaining variables to have some particular value at the place
where your random block goes.  You then choose the "random" block to
produce a collision starting with those values of the chaining
variables.  From then on for the rest of the file, the chaining
variables at each block stay the same for both versions of the file.

The known md5 attack produces colliding blocks that differ in only a
few bits in specific locations, but that may well be enough to slip in
a trojan, for example by using the flipped bit to modify a jump
target, or to turn one kind of machine instruction into another.