The Lazy Genius

Security News & Brain Dumps from Xavier Ashe, a Bit9 Client Partner

Exploiting MD5 collisions (in C#)

Posted by Xavier Ashe on September 23, 2005

In my previous article Good Bye MD5 I
introduce you about the current findings on cryptology and about MD5
collisions detection. A debate started, and a lot of people think this
findings are not a serious issue.

Microsoft agree this is an important issue.

“Microsoft is banning certain cryptographic functions from
new computer code, citing increasingly sophisticated attacks that make
them less secure, according to a company executive.

The Redmond, Wash., software company instituted a new
policy for all developers that bans functions using the DES, MD4, MD5
and, in some cases, the SHA1 encryption algorithm, which is becoming
“creaky at the edges,” said Michael Howard, senior security program
manager at the company, Howard said.”


We now have some proofs of concept, like a pair of X.509 colliding certificates.
And one  spectacular example of a pair of postscript documents, with
the same MD5 hash value, you can read about this in the excellent paper
Attacking Hash Functions by Poisoned Messages “The Story of Alice and her Boss”.

Read the full article on The Code Project.

Written by Eduardo Diaz.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: