Eric Rescorla
Mon, 16 Aug 2004 18:37:49 -0700
I've posted source code that demonstrates the MD5 collisions on my web site at:
http://www.rtfm.com/md5coll.tar.gz. It's just a modified version of the RFC1321 MD5 source code with the byte-flipping in the state initialization. It also includes machine readable test vectors and a makefile. Just run 'make' and you get the following output, at least on FreeBSD: gcc -o md5prime -DINVERT_STATE -DMD=5 md5.c mddriver.c # X1 and X1' with ordinary MD5--no collision ./md5 X1.bin MD5 (X1.bin) = e115410841d7a06f2913be15e1760fd1 ./md5 X1prime.bin MD5 (X1prime.bin) = 7005ea821bcc0e64d0eb9852f2bec2bd # X1 and X1' with md5prime--collision ./md5prime X1.bin MD5 (X1.bin) = 8ada1581c24565adac73a2d27160ca90 ./md5prime X1prime.bin MD5 (X1prime.bin) = 8ada1581c24565adac73a2d27160ca90 echo # X2 and X2' with ordinary MD5 ./md5 X2.bin MD5 (X2.bin) = 55f94e8f79e8a9795fad79f4c6ab5f11 ./md5 X2prime.bin MD5 (X2prime.bin) = 47aaf6e98d0799f9a85db9fd86cb392a # X2 and X2' with md5prime ./md5prime X2.bin MD5 (X2.bin) = 1a2a1d55c87318422367ae3462143fb6 ./md5prime X2prime.bin MD5 (X2prime.bin) = 1a2a1d55c87318422367ae3462143fb6 -Ekr --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]