[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

$10M breaks MD5 in 24 days

To: [email protected]
Subject: $10M breaks MD5 in 24 days
From: Hal <[email protected]>
Date: Thu, 25 Aug 1994 13:58:03 -0700
Sender: [email protected]

I am not attending the Crypto conference, but I sat in on the evening
"rump session" the other day.  One of the more interesting papers had
a claim (with little detail, unfortunately) that for ten million dollars
you could build a machine that would "break" MD5, in the sense of finding
another message which would hash to the same as a chosen one, in 24
days.  This result did not depend on any internal structure in MD5, but
was purely a result of the hash size (128 bits) and the time it takes
to calculate a hash.

The main new result which allowed this was a more efficient way of
handling a parallel search for collisions (two messages which hash to
the same thing).  In some earlier methods, n machines provide only a
sqrt(n) speedup.  The new method improves this, although my notes don't
show exactly how close they come to an n-fold speedup.

The Secure Hash Standard (SHS, aka SHA) is, they said, 64K times slower,
hence this technique would take 64K times longer (or cost ~64K times
more?) to break that hash.

I don't think this is probably anything to really worry about, but
maybe it points out a need for a longer hash in the next few years.

Hal

P.S. The paper was by Paul C. van Oorschot & Michael J. Wiener.

Follow-Ups:
- Re: $10M breaks MD5 in 24 days
  - From: alex <[email protected]>
- Re: $10M breaks MD5 in 24 days
  - From: "Perry E. Metzger" <[email protected]>

Prev by Date: Re: Nuclear Weapons Material
Next by Date: No Subject
Prev by thread: 'What A Long Strange Trip It's Been' by Lewis Sanders
Next by thread: Re: $10M breaks MD5 in 24 days
Index(es):
- Date
- Thread