Hashing use cases (why would I want to hash my files?)

Discuss anything related to portable freeware here.
Message
Author
User avatar
Midas
Posts: 6337
Joined: Mon Dec 07, 2009 7:09 am
Location: Sol3

Re: Hashing use cases (why would I want to hash my files?)

#16 Post by Midas » Wed Sep 21, 2022 9:19 am

FYI, it appears MD5 can now considered utterly compromised...
Colliding any pair of files has been possible for many years, but it takes several hours each time, with no shortcut. This page provide tricks specific to file formats and precomputed collision prefixes to make collision instant.
The goal is to explore extensively existing attacks -- and show on the way how weak MD5 is [...] -- and also explore in detail common file formats to determine how they can be exploited with present or with future attacks. Indeed, the same file format trick can be used on several hashes (the same JPG tricks were used for MD5, malicious SHA-1 and SHA1), as long as the collisions follow the same byte patterns. This document is not about new attacks (the most recent one was documented in 2012), but about new forms of exploitation of existing attacks.

Image

Post Reply