We talked briefly about MD5 collisions in the last class, and some people had some questions about them. Two links are provided below; the first explains what an MD5 collision is and the second lets you create your own collision.
Basically, a collision occurs when two completely different files have the same digest. When you use a hash algorithm, you first take the original message (plaintext), add some padding, run it through the hash algorithm (in this case MD5), and then it returns a message digest (ciphertext). Each file, if not exactly the same, should have a different digest. Nat McHugh has found a way to add prefixes to the plaintext (files: jpg, txt, etc.) that would make the hash algorithm return the same hash even if the files were different.
He has created an Amazon Web Services (AWS) image that would allow you to download and run the script for about 7 cents an hour. I’ve tried it and it took about a day to create a collision. So I was able to create an MD5 collision for less than 2 bucks. If you are interested you can try it out:
http://natmchugh.blogspot.com/2015/09/md5-collisions-in-ssh-keys.html
http://natmchugh.blogspot.com/2015/02/create-your-own-md5-collisions.html
Ahmed A. Alkaysi says
This is really cool, Loi. Although hash collisions are supposed to be statistically unlikely, people are obviously starting to create them like you have. Maybe other hashing methods that are more than the 128 bits that MD5 outputs need to start being used. Will definitely look into testing this experiment out.
Vaibhav Shukla says
The article is great and I feel the hash collision can also be created if we convert the hex code into the binary code.
The main vulnerability exploited in MD5 collision is the length extension; because of this length-extension behavior, we can append any suffix to both messages and know that the longer messages will also collide.
Jason A Lindsley says
Interesting article and a good reason to use SHA-2 (e.g. 512 bit) for hash functions. MD5 could result in the use of fake SSL certificates and files sent with MD5 hash signatures could have their integrity compromised.
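
An added example, not part of the original post or its comments: it checks a publicly documented 128-byte MD5 collision pair (from Wang et al., 2004; an input assumed here, not taken from this page), shows that appending the same suffix to both messages keeps the MD5 digests equal, and shows that SHA-256 tells the two inputs apart. The function names are chosen for this example.

```python
import hashlib

# Publicly documented MD5 collision pair (Wang et al., 2004); not from this page.
MSG_A = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70"
)
MSG_B = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70"
)


def differing_offsets(a: bytes, b: bytes) -> list:
    """Byte offsets at which two equal-length messages differ."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


def compare(a: bytes, b: bytes, suffix: bytes = b"") -> tuple:
    """Return (md5_equal, sha256_equal) for a+suffix versus b+suffix."""
    a, b = a + suffix, b + suffix
    md5_equal = hashlib.md5(a).digest() == hashlib.md5(b).digest()
    sha256_equal = hashlib.sha256(a).digest() == hashlib.sha256(b).digest()
    return md5_equal, sha256_equal


if __name__ == "__main__":
    print("differing byte offsets:", differing_offsets(MSG_A, MSG_B))
    print("MD5 A:", hashlib.md5(MSG_A).hexdigest())
    print("MD5 B:", hashlib.md5(MSG_B).hexdigest())
    # Both messages are exactly two 64-byte MD5 blocks, so MD5's internal state
    # is identical after processing them and any shared suffix still collides.
    for suffix in (b"", b" appended to both files"):
        result = compare(MSG_A, MSG_B, suffix)
        print(repr(suffix), "(md5_equal, sha256_equal) =", result)
```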