The MD5 algorithm is reported prone to a hash collision weakness. This weakness reportedly allows attackers to create multiple, differing input sources that, when the MD5 algorithm is used, result in the same output fingerprint. It has been demonstrated that attackers can create multiple input sources to MD5 that result in the same output fingerprint. Reportedly, at this time, attackers cannot generate arbitrary collisions. At this time, it is also reported that only a very limited number of individual bits in an input message may be altered while maintaining an identical output fingerprint. This weakness may allow attackers to create two messages, or executable binaries such that their MD5 fingerprints are identical. One of these messages or binaries would be innocent, and the other malicious. The innocent message or binary may be digitally signed, and then later would have the malicious file substituted into its place. This attack may allow malicious code to be executed, or...
The MD5 algorithm is reported prone to a hash collision weakness. This weakness reportedly allows attackers to create multiple, differing input sources that, when the MD5 algorithm is used, result in the same output fingerprint. It has been demonstrated that attackers can create multiple input sources to MD5 that result in the same output fingerprint. Reportedly, at this time, attackers cannot generate arbitrary collisions. At this time, it is also reported that only a very limited number of individual bits in an input message may be altered while maintaining an identical output fingerprint. This weakness may allow attackers to create two messages, or executable binaries such that their MD5 fingerprints are identical. One of these messages or binaries would be innocent, and the other malicious. The innocent message or binary may be digitally signed, and then later would have the malicious file substituted into its place. This attack may allow malicious code to be executed, or non-repudiation properties of messages to be broken. At this time, preimage attacks are not reportedly possible. It is recommended that cryptosystems that utilize the MD5 algorithm should be reviewed, and the measures should be taken to protect against this weakness. Other hashing algorithms may possibly be utilized in replacement to, or in conjunction with MD5 to decrease the likelihood of a successful attack.
