Cryptology ePrint Archive: Report 2005/075

Finding MD5 Collisions a Toy For a Notebook

Vlastimil Klima

Abstract: One of the major cryptographic "break-through" of the recent years was a discovery of collisions for a set of hash functions (MD4, MD5, HAVAL-128, RIPEMD) by the Chinese cryptographers in August 2004 [1]. Their authors (Wang et al.) kept the algorithm secret, however. We have found a way to generate the first message block of the collision about 1000 - 2000 times faster than the Chinese team - that corresponds to reaching the first colliding block in 2 minutes using a common notebook. The same computation phase took the Chinese team about an hour using an IBM P690 supercomputer. On the other hand, the Chinese team was 2 - 80 times faster when computing the second message block of their collisions. Therefore, our and the Chinese methods probably differs in both parts of the computation. Overall, our method is about 3 - 6 times faster. More specifically, finding the first (complete) collision took 8 hours using a notebook PC (Intel Pentium 1.6 GHz). That should be a warning towards persisting usage of MD5. Note that our method works for any initialization vector. In the appendix, we show new examples of collisions for a standard and chosen initialization vectors.

Category / Keywords: secret-key cryptography / MD5 collisions, cryptanalysis

Publication Info: will be published in a forthcoming conference

Date: received 5 Mar 2005, last revised 8 Mar 2005

Contact author: v klima at volny cz

Available format(s): PDF | BibTeX Citation

Note: Common hash value in the second example corrected.

Version: 20050308:173858 (All versions of this report)

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]