[15934] in cryptography@c2.net mail archive

home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Source code for MD5' collisions

daemon@ATHENA.MIT.EDU (Eric Rescorla)
Mon Aug 16 21:37:35 2004

X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
To: cryptography@metzdowd.com
Date: Mon, 16 Aug 2004 18:25:30 -0700
From: Eric Rescorla <ekr@rtfm.com>

I've posted source code that demonstrates the MD5 collisions
on my web site at:

http://www.rtfm.com/md5coll.tar.gz.

It's just a modified version of the RFC1321 MD5 source code
with the byte-flipping in the state initialization. It also
includes machine readable test vectors and a makefile. Just
run 'make' and you get the following output, at least on
FreeBSD:

gcc -o md5prime -DINVERT_STATE -DMD=5 md5.c mddriver.c
# X1 and X1' with ordinary MD5--no collision
./md5 X1.bin
MD5 (X1.bin) = e115410841d7a06f2913be15e1760fd1
./md5 X1prime.bin
MD5 (X1prime.bin) = 7005ea821bcc0e64d0eb9852f2bec2bd
# X1 and X1' with md5prime--collision
./md5prime X1.bin
MD5 (X1.bin) = 8ada1581c24565adac73a2d27160ca90
./md5prime X1prime.bin
MD5 (X1prime.bin) = 8ada1581c24565adac73a2d27160ca90
echo

# X2 and X2' with ordinary MD5
./md5 X2.bin
MD5 (X2.bin) = 55f94e8f79e8a9795fad79f4c6ab5f11
./md5 X2prime.bin
MD5 (X2prime.bin) = 47aaf6e98d0799f9a85db9fd86cb392a
# X2 and X2' with md5prime
./md5prime X2.bin
MD5 (X2.bin) = 1a2a1d55c87318422367ae3462143fb6
./md5prime X2prime.bin
MD5 (X2prime.bin) = 1a2a1d55c87318422367ae3462143fb6

-Ekr

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com

home	help	back	first	fref	pref	prev	next	nref	lref	last	post