> On Sep 3, 2015, at 11:33 AM, Melvin Carvalho <melvincarva...@gmail.com> wrote: >> > > Im not an expert here, but my understanding from reading some wikipedia > articles was that a preimage attack on md5 was 2^123.
For a pre-image attack that’s true (or thereabouts), the real problem is that you can compute content to ensure a collision with a target hash. Essentially you can take some content, make the changes you want, and then mutate some other part of the data that isn’t important until you generate a collision. This isn’t a theoretical attack, this was used to compromise/MiTM the windows update servers a few year ago (Flame attack i think?) Anyhoo I can’t recall the time involved, but i suspect by now you can probably compute a collision in a few hours. —Oliver