MD5/SHA collisions cont

Now that the updated paper has been published, here is how to see the collisions for yourself:

1. Create, containing the following:

my $p = 
"d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89" .
"55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b" .
"d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0" .
print pack("H*", $p);

2. Also create containing the following:

my $p = 
"d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f89" .
"55ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5b" .
"d8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0" .
print pack("H*", $p);

3. Download from here

4. Verify it works by doing “echo -n abc |”. You should get 900150983cd24fb0d6963f7d28e17f72

5. Run “ |” and “ |” and you should get the same hash value (79054025255fb1a26e4bc422aef54eb4)

2 replies on “MD5/SHA collisions cont”

They are similar, but not identical. The first difference is about 3/4 along the first line. Message A has 87 whereas message B has 07.

If anything, being able to make small changes in a message without affecting the hash is more interesting than large changes. Eg. “Please transfer 100UKP into Andrew’s bank account” could become “Please transfer 900UKP into Andrew’s bank account”.

But thankfully, we’re a long way away from making arbitary changes to arbitary messages like that!

Comments are closed.