in reply to Re^4: MD5 - what's the alternative
in thread MD5 - what's the alternative

Okay. Here's an open challenge to all crypto-analysts everywhere.

Modify the following text

The quick brown fox jumps over the laxy dog f67fcc68ecf72971a7bd012e3a47d0ac

such that it will verify by the following perl program: 

#! perl -slw
use strict;
use Digest::MD5 qw[ md5_hex ];

my $challenge = 
'The quick brown fox jumps over the laxy dog f67fcc68ecf72971a7bd012e3
+a47d0ac';

my( $text, $sig ) = $ARGV[ 0 ] =~ m[(^.*)\s(.{32})$];

die 'Cheat! The text has to be different'
    if $ARGV[ 0 ] eq $challenge;

die 'Bad luck'
    if  md5_hex( $ARGV[ 0 ] ) ne '7b79a6f61178415a63fc5e7b76d64a1f'
    or md5_hex( $text ) ne $sig;
    
print "You won yourself a meal on BrowserUk" ;

print 'Make sure your passport is valid'
    if $ARGV[ 0 ] =~ m[lazy];
    
__END__

[download]

anytime in my remaining lifetime, and I'll stand them a meal at their favorite restuarant.

Pad or truncate the message as necessary, but correct my typo and I'll stand them a meal at my favorite restuarant.

And pick up the tab for getting them to and from it.

Examine what is said, not who speaks.
"Efficiency is intelligent laziness." -David Dunham
"Think for yourself!" - Abigail
"Memory, processor, disk in that order on the hardware side. Algorithm, algorithm, algorithm on the code side." - tachyon

Replies are listed 'Best First'.
Re^6: MD5 - what's the alternative
by Aristotle (Chancellor) on Mar 11, 2005 at 13:58 UTC

    Guess what? Not a lifetime, just 8 hours on a 1.6 GHz machine, according to More Hash Function Attacks.

    There's a reason the cryptographers started making waves about MD5 being weak when the first and so innocuous seeming collision conditions were found.

    Makeshifts last the longest.

[reply]

      I didn't read it all, but that article is still referring to the fact that it is possible to find two pieces of text that have the same md5. That was always known to be possible.

      My challenge still stands.

      Examine what is said, not who speaks.
      Silence betokens consent.
      Love the truth but pardon error.
      Lingua non convalesco, consenesco et abolesco.
[reply]

        Due to the ability of Wang's method to produce MD5 compression function collisions for any IV, and due to the iterative structure of MD5, we can append a collision to any block of data of our choice (provided that the bitlength is a multiple of the MD5 block length), while maintaining the collision property. Similarly we can then append data of our choice to the constructed collisions. In this way we can build colliding certificates.

        I don't know how much clearer it needs to be spelt out.

        Makeshifts last the longest.

[reply]

In Section Seekers of Perl Wisdom