Hannah Schroeter <[email protected]> wrote:
> However, I don't see it as *so very* critical. The practical attacks
> against MD5 are birthday attacks, not preimages for a given hash.
> At least not yet.

Actually, if you can overwrite or append a chunk of data, you can create an MD5 collision at will. This allows for some practical attacks. In particular, arbitrary data can be appended to a gzipped file; gzip will just ignore it on extraction. In combination this means that creating a modified gzipped file that shares the MD5 hash and the size of the original is quite achievable.

-- 
Christian "naddy" Weisgerber [email protected]
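A defender-side check for the scenario described in the message above, as an added example that is not part of the original post: it walks the gzip members of a file, reports any bytes left over after the last valid member, and hashes both the file and the extracted payload with SHA-256. The function name `inspect_gzip` and the sample data are constructed for illustration.

```python
import gzip
import hashlib
import zlib


def inspect_gzip(blob: bytes) -> dict:
    """Decompress every gzip member in blob and count bytes left after the last one."""
    payload = bytearray()
    rest = blob
    members = 0
    while rest[:2] == b"\x1f\x8b":        # gzip magic: another member may start here
        d = zlib.decompressobj(31)        # wbits=31: expect gzip header and trailer
        try:
            out = d.decompress(rest)
        except zlib.error:
            break                         # magic matched but the stream is not valid gzip
        if not d.eof:
            break                         # truncated member: count it as trailing data
        payload += out
        members += 1
        rest = d.unused_data              # whatever follows the member's CRC/size trailer
    if members == 0:
        raise ValueError("no valid gzip member at start of data")
    return {
        "members": members,
        "trailing_bytes": len(rest),      # non-zero means data that extraction never shows
        "payload_sha256": hashlib.sha256(bytes(payload)).hexdigest(),
        "file_sha256": hashlib.sha256(blob).hexdigest(),
    }


# Constructed sample input: one clean archive and the same archive with bytes appended.
SAMPLE = gzip.compress(b"constructed sample payload\n")
APPENDED = b"constructed trailing bytes"
PADDED = SAMPLE + APPENDED

if __name__ == "__main__":
    for name, blob in (("clean", SAMPLE), ("padded", PADDED)):
        print(name, inspect_gzip(blob))
```

The two samples extract to the same payload, so only the trailing-byte count and the whole-file SHA-256 distinguish them.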
