0xf001
September 26th, 2005, 21:05
thanks for the tip

!
starting from that page one could get a huge amount of information
but i was a bit disappointed by the presented code - that is just an implementation of the "exploit" which imho does not show anything.
the most valuable info (personal opinion!!

) i still found here:
http://www.infosec.sdu.edu.cn/paper/md5-attack.pdf
as it describes the approach on how to find collisions.
i am quite sure this doc was allready posted
the info
if H(a) == H(b) then applies H(a+x) == H(b+x)
whereby x is your real data and a,b is a collision vector
is imho the most relevant on the topic and colission vectors are present on the internet

(also in the mentioned source)
the art then is to find a way dealing with the different binary formats to incorporate the collision. as you have to prepend something (the one "plaintext" of your collision) to your data which can be tricky (the resulting file should still work with your data)
what i find really cool is this effort which also spread in the news
http://www.win.tue.nl/~bdeweger/CollidingCertificates/CollidingCertificates.pdf
this combined technique should be most shocking as it is applied onto X.509 certificates hehehe
cheers, 0xf001