[LINK] MD5 cracking

Adam Todd link at todd.inoz.com
Sun Jan 28 13:53:12 AEDT 2007

I keep saying, if there is a legal way, there is an illegal way.

It doesn't matter what it is, there will always be several ways to add 
binary to a 256 bit pattern :)

At 10:01 AM 28/01/2007, Rick Welykochy wrote:
>The MD5 sum is a digest of a chunk of digital data, such as a file, that
>supposedly uniquely indentifies the file, i.e. like a checksum. If you
>receive a copy of a file and its calculated MD5 does not match the 
>published MD5, you can be sure the file has been tampered with.
>We have know for a while now that the MD5 digest is insecure, i.e. it
>is now possible to make changes to a file such that its MD5 matches
>a desired (bogus) MD5.
>I ran across this site today:
>As they say, it's "in the wild". The web page provides a service to
>crack MD5 digests. Sigh.
>I mention this because practically all software we download is 
>cross-checked and vetted against its MD5 digest, and nothing more
>secure. This implies that updates from Winders, downloads of
>FOSS etc.etc. could easily be compromised if the desire to do so
>is there. And it is probably only a matter of time before a
>jacked/hacked but secure-looking version of software product XYZ is
>released on the 'Net.
>The suggested replacement digest is SHA-1, but there are worries that
>it too is insecure and will be cracked soon. SHA-256 and -512 look like
>the way to go in the future.
>Rick Welykochy || Praxis Services
>It's always the enemies of freedom who find themselves, at one moment
>or another, most in need of it.
>      -- Michel Houellebecq
>Link mailing list
>Link at mailman.anu.edu.au

More information about the Link mailing list