[WARN] MD5 sums irredeemably broken

Posted 2005-08-04, https://archive.blogs.harvard.edu/rlucastemp/2005/08/04/warn-md5-sums-irredeemably-broken/

The MD5 hash function is dangerously unusable at this point. I was under the impression, casually following crypto over the last couple years, that it was weak but likely "good enough" for non-military, non-banking types of applications. Dead wrong.

There are now known attacks — and doubtless toolchains for specific exploits — that permit creating two completely different (but valid) pieces of plaintext that generate the same MD5 sum.

See http://www.doxpara.com for an example of two mocked-up HTML pages, one for "Lockheed" and one for "Boeing," that share the same MD5 hash sum.

See also Wikipedia's MD5 entry (which does not NEARLY sufficiently raise the alarum on this) at http://en.wikipedia.org/wiki/Md5

You might pooh-pooh my admittedly somewhat superficial take on this, but ignore me at your peril: bad guys are doubtless developing toolkits for creating two docs, one legit, one malicious, that share the same MD5 sum.

Bottom line: time to use SHA1 (for a while until someone figures out how to do the same thing). Simple enough on Debian; "sha1sum" is in coreutils and is a seeming drop-in replacement for MD5 sums.