Muli Ben-Yehuda's journal

August 18, 2004


Filed under: Uncategorized — Muli Ben-Yehuda @ 2:05 PM

Following the MD5 collisions found and the SHA-1 break rumored, orrd, who should know something about these matters, recommends using Tiger. I’m reading the paper now.


  1. I found an MD5 collision once. I implemented a system for a UK retail bank that used MD5 hashes to pseudo-uniquely identify the provenance of files on its (huge – 35000 machines) Windows/NT network. Basically, when anything was installed anywhere, a big database ended up with MD5 hashes of all installed files added to it. The idea was that if a stray file turned up somewhere (which was actually the rollout team’s biggest recurring problem, oddly enough), it would be possible to know exactly what its version was, when it was installed, by whom, what sources were used to build it, etc. The system worked very well, and had workarounds in case an MD5 collision ever occurred. Eventually, one actually did, but unfortunately I didn’t manage to get the relevant people to send me copies of the actual files that caused it, so I couldn’t report it. They were both small files, a few hundred bytes each, but had entirely different contents and lengths.
    I have some suspicions about a potential cryptanalytic attack on MD5 of my own, actually, but I’ve not yet had time to do any work on it. Maybe in a month or two I’ll get a chance to try the idea.

    Comment by compilerbitch — August 18, 2004 @ 6:35 AM | Reply

    • PS: If it works, it’ll be a complete break, and the same technique might work for other similar hash functions and block ciphers.

      Comment by compilerbitch — August 18, 2004 @ 6:43 AM | Reply

      • Sounds interesting… let me know if you write it up!

        Comment by mulix — August 18, 2004 @ 7:17 AM

RSS feed for comments on this post. TrackBack URI

Leave a Reply to compilerbitch Cancel reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Blog at

%d bloggers like this: