> On Sep 3, 2015, at 11:33 AM, Melvin Carvalho <melvincarva...@gmail.com> wrote:
> Im not an expert here, but my understanding from reading some wikipedia
> articles was that a preimage attack on md5 was 2^123.  

For a pre-image attack that’s true (or thereabouts), the real problem is that 
you can compute content to ensure a collision with a target hash. Essentially 
you can take some content, make the changes you want, and then mutate some 
other part of the data that isn’t important until you generate a collision.

This isn’t a theoretical attack, this was used to compromise/MiTM the windows 
update servers a few year ago (Flame attack i think?)

Anyhoo I can’t recall the time involved, but i suspect by now you can probably 
compute a collision in a few hours.


Reply via email to