## Finding MD5 Collisions on a Notebook PC Using Multi-message Modifications (2005)

Venue: | In International Scientific Conference Security and Protection of Information |

Citations: | 31 - 1 self |

### BibTeX

@INPROCEEDINGS{Klima05findingmd5,

author = {Vlastimil Klima},

title = {Finding MD5 Collisions on a Notebook PC Using Multi-message Modifications},

booktitle = {In International Scientific Conference Security and Protection of Information},

year = {2005}

}

### Years of Citing Articles

### OpenURL

### Abstract

In this paper, we summarize the results achieved during our brief three months long research on collisions of the MD5 hash function. Being inspired by the results announced by Wang et al. [1] we independently developed methods for finding collisions which work for any initialization value and which are quicker than the methods presented in [1, 8]. It enables us to find a MD5 collision on a standard notebook PC roughly in 8 hours [7]. Independently on [1, 8], we discovered and propose several multi-message modification methods, which are more effective than methods described in [1, 8]. We show their principle.

### Citations

11 |
Finding MD5 collisions a toy for a notebook,” Cryptology ePrint Archive: Report 2005/075
- Klima
- 2005
(Show Context)
Citation Context ...lling stationary conditions. 2. We compute x[0 - 15]. 6s3. We change Q[2] until the conditions for Q[17] are fulfilled (we compute x[1 - 5] and we check if x[1] corresponds with Q[17]). 4. We change Q=-=[7]-=- until conditions for Q[18] are fulfilled (we compute x[6 - 10] and we check if x[6] corresponds with Q[18]). 5. We change Q[12] until conditions for Q[19] are fulfilled (we compute x[11 - 15] and we ... |

7 |
Musing on the Wang et. al
- Hawkes, Paddon, et al.
(Show Context)
Citation Context ... - 15] and we check if x[11] corresponds with Q[19]). Now, all conditions for Q[1 - 19] are fulfilled deterministically. The remaining 27 conditions according to [8] (resp. 25 conditions according to =-=[3]-=-) are fulfilled probabilistically. We have more than 2 27 choices of Q[1 -16]. With the complexity of 2 27 we find a collision of the second block. This is a further reduction of the complexity. This ... |

6 |
Hongbo Yu, How to Break MD5 and Other Hash Functions, these proceedings
- Wang
(Show Context)
Citation Context ...pired by the results announced by Wang et al. [1] we independently developed methods for finding collisions which work for any initialization value and which are quicker than the methods presented in =-=[1, 8]-=-. It enables us to find a MD5 collision on a standard notebook PC roughly in 8 hours [7]. Independently on [1, 8], we discovered and propose several multi-message modification methods, which are more ... |

5 |
MD5 to be considered harmful someday. Cryptology ePrint Archive, Report 2004/357
- Kaminsky
- 2004
(Show Context)
Citation Context ...ditions for Q[17 - 21] are fulfilled (From Q[1] we compute new x[0 - 4]). 4. Now we change Q[8 - 12] (fulfilling stationary conditions) in such a way that x[11] remains unchanged. Because the values x=-=[1, 6, 11, 0, 5]-=- remain unchanged, the conditions Q[17 - 21] remain fulfilled. We compute x[7 -15]. The remaining 24 stationary conditions are fulfilled probabilistically. We have more than 2 24 choices of Q[8 -12]. ... |

2 |
Xiaoyun Wang and Benne de Weger: Colliding X.509 Certificates, Cryptology ePrint Archive
- Lenstra
(Show Context)
Citation Context ... (Intel Pentium 1.6 GHz). Note that our method works for any initialization vector. It can be abused in forging signatures of software packages and digital certificates as some papers show ([4], [5], =-=[6]-=-). We showed that it is possible to find MD5 collisions using an ordinary home PC. That should be a warning towards persisting usage of MD5. In the appendix, we show new examples of collisions for a s... |

1 |
Hongbo Yu: Collisions for Hash Functions MD4, MD5, HAVAL-128 and RIPEMD, rump session, CRYPTO 2004, Cryptology ePrint Archive, Report 2004/199, first version (August 16, 2004), second version (August 17
- Wang, Feng, et al.
(Show Context)
Citation Context ...5 version 1 In this paper, we summarize the results achieved during our brief three months long research on collisions of the MD5 hash function. Being inspired by the results announced by Wang et al. =-=[1]-=- we independently developed methods for finding collisions which work for any initialization value and which are quicker than the methods presented in [1, 8]. It enables us to find a MD5 collision on ... |

1 |
published on the web on March 6, 2005 Xiaoyun Wang, Xuejia Lai
- pdf
(Show Context)
Citation Context ...x[7 - 15] : x[0]=RR(Q[1]-Q[0],7)-F(Q[0],Q[-1],Q[-2])-Q[-3]-0xd76aa478; x[7]= RR(Q[8 ]-Q[7 ],22)-F(Q[7 ],Q[6 ],Q[5 ])-Q[4 ]-0xfd469501; x[8]= RR(Q[9 ]-Q[8 ], 7)-F(Q[8 ],Q[7 ],Q[6 ])-Q[5 ]-0x698098d8; x=-=[9]-=-= RR(Q[10]-Q[9 ],12)-F(Q[9 ],Q[8 ],Q[7 ])-Q[6 ]-0x8b44f7af; x[10]=RR(Q[11]-Q[10],17)-F(Q[10],Q[9 ],Q[8 ])-Q[7 ]-0xffff5bb1; x[11]=RR(Q[12]-Q[11],22)-F(Q[11],Q[10],Q[9 ])-Q[8 ]-0x895cd7be; x[12]=RR(Q[1... |

1 |
Yiqun Lisa Yin, Hongbo Yu
- Wang
- 2005
(Show Context)
Citation Context ...a,12); Q[ 7]=Q[6 ]+RL(F(Q[6 ],Q[5 ],Q[4 ])+Q[3 ]+x[6 ]+0xa8304613,17); Q[ 8]=Q[7 ]+RL(F(Q[7 ],Q[6 ],Q[5 ])+Q[4 ]+x[7 ]+0xfd469501,22); Q[ 9]=Q[8 ]+RL(F(Q[8 ],Q[7 ],Q[6 ])+Q[5 ]+x[8 ]+0x698098d8, 7); Q=-=[10]-=-=Q[9 ]+RL(F(Q[9 ],Q[8 ],Q[7 ])+Q[6 ]+x[9 ]+0x8b44f7af,12); Q[11]=Q[10]+RL(F(Q[10],Q[9 ],Q[8 ])+Q[7 ]+x[10]+0xffff5bb1,17); Q[12]=Q[11]+RL(F(Q[11],Q[10],Q[9 ])+Q[8 ]+x[11]+0x895cd7be,22); Q[13]=Q[12]+R... |