Paper 2004/264

Musings on the Wang et al. MD5 Collision

Philip Hawkes, Michael Paddon, and Gregory G. Rose


Wang et al. caused great excitement at CRYPTO2004 when they announced a collision for MD5~\cite{R92_MD5}. This paper is examines the internal differences and conditions required for the attack to be successful. There are a large number of conditions that must be satisfied, thus indicating Wang at al. have found a clever way to generate message pairs for which the conditions are satisfied. The large number of conditions suggests that an attacker cannot use these differentials to cause second pre-image attacks with complexity less than generic attacks. Initial examination also suggests that an attacker cannot cause such collisions for HMAC-MD5 with complexity less than generic attacks.

Note: Disclaimer: This document notes some observations of the authors regarding the collisions generated by Wang et al.. We do not claim to have any new discoveries in this paper. However, we hope that this paper provides a useful explanation until the time when Wang et al. publish a detailed analysis of their discoveries.

Available format(s)
Secret-key cryptography
Publication info
Published elsewhere. Unknown where it was published
hash functionscryptanalysis
Contact author(s)
phawkes @ qualcomm com
2004-10-14: received
Short URL
Creative Commons Attribution


      author = {Philip Hawkes and Michael Paddon and Gregory  G.  Rose},
      title = {Musings on the Wang  et al. {MD5} Collision},
      howpublished = {Cryptology ePrint Archive, Paper 2004/264},
      year = {2004},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.