Pinned
Here is a 72-byte alphanum MD5 collision with 1-byte difference for fun:
md5("TEXTCOLLBYfGiJUETHQ4hAcKSMd5zYpgqf1YRDhkmxHkhPWptrkoyz28wnI9V0aHeAuaKnak")
=
md5("TEXTCOLLBYfGiJUETHQ4hEcKSMd5zYpgqf1YRDhkmxHkhPWptrkoyz28wnI9V0aHeAuaKnak")
Marc Stevens
737 posts
Marc Stevens
@realhashbreaker
- Replying to @SwiftOnSecurityI once used the cluster of 215 PlayStation 3s at EPFL, that was a lot of cheap computing power at the time. And unlike for other CPUs, assembly programming for SPUs was quite magical: exact clockcycle predictions just from code.
- Replying to @realhashbreakerOne potential usecase: to discern websites that store unsalted md5 passwords. x.com/Kuggofficial/s…
- Replying to @realhashbreakerThis is the first md5 collision with only printable ascii that I know of. I have been asked before if this was possible, but I used to respond its not practically doable.
- I'm very proud and thankful to have won one of the RWC2020 Levchin prize together with Xiaoyun Wang for our work on hash function cryptanalysis!! #realworldcrypto
- Replying to @realhashbreakerIts an identical-prefix collision attack where you can pick your own allowed charset (say alphanum, base64, all printable). It also allows to force some specific bytes (mainly 0-7 and 20-27) to some extent.
- Replying to @real_redpTry echo -n, otherwise it appends a newline char that also goes into MD5.
- Replying to @h4knetOne machine with 40 cores and a lot of RAM in a half a day.
- GitHub now uses our SHA-1 collision detection code to protect repositories against SHA-1 collisions: github.com/blog/2338-sha-… Great!!
- Replying to @SoatokDholeThe attack has a 1 byte difference of +4 in the 21st byte, but hAcKSMd5=>hEcKSMd5 is indeed no coincidence ;)
- Seriously, stop using SHA-1! SHA-1 chosen-prefix collisions are now practically demonstrated. Beware of ALL possible collision exploits. E.g. see the amazing list of PoCs by @angealbertini.#ePrint SHA-1 is a Shambles - First Chosen-Prefix Collision on SHA-1 and Application to the PGP Web of Trust: G Leurent, T Peyrin ia.cr/2020/014
- Commonly overlooked: our single expensive SHA-1 collision can be reused to craft many colliding file pairs by anyone for free.
- Our SHA-1 collision won the 2017 Pwnie Award for best cryptographic attack!Shattered our SHA-1 collision attack won the #BlackHat best cryptographic attack award. @realhashbreaker
- Replying to @SwiftOnSecurityHere are some more pictures: win.tue.nl/~bdeweger/PS3L…
