In my previous article Good Bye MD5 I
introduce you about the current findings on cryptology and about MD5
collisions detection. A debate started, and a lot of people think this
findings are not a serious issue.
Microsoft agree this is an important issue.
“Microsoft is banning certain cryptographic functions from
new computer code, citing increasingly sophisticated attacks that make
them less secure, according to a company executive.
The Redmond, Wash., software company instituted a new
policy for all developers that bans functions using the DES, MD4, MD5
and, in some cases, the SHA1 encryption algorithm, which is becoming
“creaky at the edges,” said Michael Howard, senior security program
manager at the company, Howard said.”
We now have some proofs of concept, like a pair of X.509 colliding certificates.
And one spectacular example of a pair of postscript documents, with
the same MD5 hash value, you can read about this in the excellent paper
Attacking Hash Functions by Poisoned Messages “The Story of Alice and her Boss”.
Read the full article on The Code Project.