Discuss anything related to portable freeware here.
- Posts: 6334
- Joined: Mon Dec 07, 2009 7:09 am
- Location: Sol3
FYI, it appears MD5 can now considered utterly compromised...
Colliding any pair of files has been possible for many years, but it takes several hours each time, with no shortcut. This page provide tricks specific to file formats and precomputed collision prefixes to make collision instant.
The goal is to explore extensively existing attacks -- and show on the way how weak MD5 is [...] -- and also explore in detail common file formats to determine how they can be exploited with present or with future attacks. Indeed, the same file format trick can be used on several hashes (the same JPG tricks were used for MD5, malicious SHA-1 and SHA1), as long as the collisions follow the same byte patterns. This document is not about new attacks (the most recent one was documented in 2012), but about new forms of exploitation of existing attacks.