Author Topic: Is MD5 dead?  (Read 6669 times)

Offline quixin

  • Hero Member
  • *****
  • Posts: 538
Is MD5 dead?
« on: December 01, 2007, 03:40:11 AM »
What do you guys make of this?

Quote
We announce two different Win32 executable files with different functionality but identical MD5 hash values. This shows that trust in MD5 as a tool for verifying software integrity, and as a hash function used in code signing, has become questionable.

http://www.win.tue.nl/hashclash/SoftIntCodeSign/



Offline Miquel 'Fire' Burns

  • Administrator
  • *****
  • Posts: 1157
  • Programmer
Re: Is MD5 dead?
« Reply #1 on: December 02, 2007, 02:37:25 AM »
Yea, it was bound to happen. Any hashing tool can have this. Also, unless they were also the same size, other checks should raise a red flag (Gentoo Portage uses three(I think) hashing tools plus file size to make sure the file is right)
"I'm not drunk, just sleep deprived."

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
Re: Is MD5 dead?
« Reply #2 on: December 03, 2007, 06:35:42 PM »
For the purposes of PasswordMaker, MD5 is still viable. The likelihood of two or more master passwords colliding is unbelievably low.

PasswordMaker Forums

Re: Is MD5 dead?
« Reply #2 on: December 03, 2007, 06:35:42 PM »