MD5 and SHA cracked/broken...
Bengt Richter
bokr at oz.net
Sun Sep 12 16:18:00 EDT 2004
On Sun, 12 Sep 2004 12:29:06 -0400, Tim Peters <tim.peters at gmail.com> wrote:
>[Paul Rubin]
>>> MD5 and SHA-0 had collisions found.
>
>[GomoX Gonzalo Sainz-Tr=E1paga]
>> I don't think so. Would you mind posting a link?
>
>Here's an MD5 collision demonstrated in Python. I derived this code
>from the paper at
>
> http://eprint.iacr.org/2004/199.pdf
>
>import md5
>
>S =3D ('\xd11\xdd\x02\xc5\xe6\xee\xc4i=3D\x9a\x06\x98\xaf\xf9\\'
> '/\xca\xb5\x87\x12F~\xab@\x04X>\xb8\xfb\x7f\x89U\xad4'
> '\x06\t\xf4\xb3\x02\x83\xe4\x88\x83%qAZ\x08Q%\xe8\xf7'
> '\xcd\xc9\x9f\xd9\x1d\xbd\xf2\x807<[\x96\x0b\x1d\xd1'
> '\xdcA{\x9c\xe4\xd8\x97\xf4ZeU\xd55s\x9a\xc7\xf0\xeb'
> '\xfd\x0c0)\xf1f\xd1\t\xb1\x8fu\'\x7fy0\xd5\\\xeb"'
> '\xe8\xad\xbay\xcc\x15\\\xedt\xcb\xdd_\xc5\xd3m\xb1'
> '\x9b\n\xd85\xcc\xa7\xe3')
>
>T =3D ('\xd11\xdd\x02\xc5\xe6\xee\xc4i=3D\x9a\x06\x98\xaf\xf9\\'
> '/\xca\xb5\x07\x12F~\xab@\x04X>\xb8\xfb\x7f\x89U\xad4'
> '\x06\t\xf4\xb3\x02\x83\xe4\x88\x83%\xf1AZ\x08Q%\xe8\xf7'
> '\xcd\xc9\x9f\xd9\x1d\xbdr\x807<[\x96\x0b\x1d\xd1\xdcA{'
> '\x9c\xe4\xd8\x97\xf4ZeU\xd55s\x9aG\xf0\xeb\xfd\x0c0)'
> '\xf1f\xd1\t\xb1\x8fu\'\x7fy0\xd5\\\xeb"\xe8\xad\xbayL'
> '\x15\\\xedt\xcb\xdd_\xc5\xd3m\xb1\x9b\nX5\xcc\xa7\xe3')
>
>assert S !=3D T
>print md5.new(S).hexdigest()
>print md5.new(T).hexdigest()
>print "oops"
Others may have received that correctly, but between some systems and mine
'=' seems to get re-encoded as '=3D' (including in S and T). After fixing that,
pasting into my console python session worked for me:
>>> import md5
>>>
>>> S = ('\xd11\xdd\x02\xc5\xe6\xee\xc4i=\x9a\x06\x98\xaf\xf9\\'
... '/\xca\xb5\x87\x12F~\xab@\x04X>\xb8\xfb\x7f\x89U\xad4'
... '\x06\t\xf4\xb3\x02\x83\xe4\x88\x83%qAZ\x08Q%\xe8\xf7'
... '\xcd\xc9\x9f\xd9\x1d\xbd\xf2\x807<[\x96\x0b\x1d\xd1'
... '\xdcA{\x9c\xe4\xd8\x97\xf4ZeU\xd55s\x9a\xc7\xf0\xeb'
... '\xfd\x0c0)\xf1f\xd1\t\xb1\x8fu\'\x7fy0\xd5\\\xeb"'
... '\xe8\xad\xbay\xcc\x15\\\xedt\xcb\xdd_\xc5\xd3m\xb1'
... '\x9b\n\xd85\xcc\xa7\xe3')
>>>
>>> T = ('\xd11\xdd\x02\xc5\xe6\xee\xc4i=\x9a\x06\x98\xaf\xf9\\'
... '/\xca\xb5\x07\x12F~\xab@\x04X>\xb8\xfb\x7f\x89U\xad4'
... '\x06\t\xf4\xb3\x02\x83\xe4\x88\x83%\xf1AZ\x08Q%\xe8\xf7'
... '\xcd\xc9\x9f\xd9\x1d\xbdr\x807<[\x96\x0b\x1d\xd1\xdcA{'
... '\x9c\xe4\xd8\x97\xf4ZeU\xd55s\x9aG\xf0\xeb\xfd\x0c0)'
... '\xf1f\xd1\t\xb1\x8fu\'\x7fy0\xd5\\\xeb"\xe8\xad\xbayL'
... '\x15\\\xedt\xcb\xdd_\xc5\xd3m\xb1\x9b\nX5\xcc\xa7\xe3')
>>>
>>> assert S != T
>>> print md5.new(S).hexdigest()
a4c0d35c95a63a805915367dcfe6b751
>>> print md5.new(T).hexdigest()
a4c0d35c95a63a805915367dcfe6b751
>>> print "oops"
oops
QED
Regards,
Bengt Richter
More information about the Python-list
mailing list