Cryptology ePrint Archive: Report 2005/075
Finding MD5 Collisions – a Toy For a Notebook
Abstract: One of the major cryptographic "break-through" of the recent years was a discovery of collisions for a set of hash functions (MD4, MD5, HAVAL-128, RIPEMD) by the Chinese cryptographers in August 2004 . Their authors (Wang et al.) kept the algorithm secret, however. We have found a way to generate the first message block of the collision about 1000 - 2000 times faster than the Chinese team - that corresponds to reaching the first colliding block in 2 minutes using a common notebook. The same computation phase took the Chinese team about an hour using an IBM P690 supercomputer. On the other hand, the Chinese team was 2 - 80 times faster when computing the second message block of their collisions. Therefore, our and the Chinese methods probably differs in both parts of the computation. Overall, our method is about 3 - 6 times faster. More specifically, finding the first (complete) collision took 8 hours using a notebook PC (Intel Pentium 1.6 GHz). That should be a warning towards persisting usage of MD5. Note that our method works for any initialization vector. In the appendix, we show new examples of collisions for a standard and chosen initialization vectors.
Category / Keywords: secret-key cryptography / MD5 collisions, cryptanalysis
Publication Info: will be published in a forthcoming conference
Date: received 5 Mar 2005, last revised 8 Mar 2005
Contact author: v klima at volny cz
Available format(s): PDF | BibTeX Citation
Note: Common hash value in the second example corrected.
Version: 20050308:173858 (All versions of this report)
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]