MD5 checksum hash collision

Published
Credit
Risk
2014.11.05
natmchugh
High
CWE
CVE
Local
Remote
N/A
N/A
No
Yes

This type of collision is has been termed a chosen prefix collision. In this case the image data is the prefix or to be more exact the internal state of the MD5 algorithm after processing the image is. You can't see the added binary data at the end of jpeg images as it is preceded with an End Of Image JPEG marker.

Chosen prefix collisions for MD5 were first successfully shown in 2007 in this paper http://www.win.tue.nl/hashclash/ChosenPrefixCollisions/ . The attack uses iterations of differential analysis of MD5. The first successful differential analysis was demonstrated by Xiaoyun Wang in her 2005 paper How to Break MD5 and Other Hash Functions.

More:
http://natmchugh.blogspot.co.uk/2014/10/how-i-created-two-images-with-same-md5.html

References:

http://natmchugh.blogspot.co.uk/2014/10/how-i-created-two-images-with-same-md5.html
http://seclists.org/oss-sec/2014/q4/529


See this note in RAW Version

 
Bugtraq RSS
Bugtraq
 
CVE RSS
CVEMAP
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn


Copyright 2017, cxsecurity.com