Decius wrote:
] cerkit wrote:
] ] skullaria wrote:
] ] ] ] At last, the secret of how to make MD5 collisions is
] out!
] ]
] ] It should be noted the article and the related documents
] only
] ] offer a still too slow total collision method. First block
] ] collisions in the neighborhood of two minutes, much faster
] in
] ] that respect then the soon to be released report by Wang on
] ] the subject, but over 80 times slower on second block
] ] collisions. Which is to say a meaningful method has yet to
] be
] ] fielded publicly but will most likely soon be available.
]
] Read the paper. Even at 80 times slower for the second half
] the Russian team reports that their overall time is 3-6 times
] faster and they obtained their first collision in 8 hours on a
] conventional laptop. MD5 is dead as fried chicken.

an 8 hour collision isn't exactly death. it's totally dependant on the application's use of MD5. for instance, PHP uses MD5 inherently as a form of session identification. and it's more likely to expire and be re-issued over the course of 8 hours depending on how carefully implemented it is. so, until we're talking minutes, and not hours to collide completely, the issue is very much still open. i agree its grave is certainly dug, but until they reconcile both of these methods and develop a unified method leveraging the advantages of both, MD5 can still be carefully and safely implemented. theres no reason to believe that process of reconciliation will be instant. as a careful developer though, i never used MD5 for anything. early on, to me, it was somewhat obvious that this would eventually occur.

RE: MD5 collision method published