Chosen-prefix collisions for MD5 and applications
by Marc Stevens; Arjen K. Lenstra; Benne De Weger
International Journal of Applied Cryptography (IJACT), Vol. 2, No. 4, 2012

Abstract: We present a novel, automated way to find differential paths for MD5. Its main application is in the construction of chosen-prefix collisions. We have shown how, at an approximate expected cost of 239 calls to the MD5 compression function, for any two chosen message prefixes P and P′, suffixes S and S′ can be constructed such that the concatenated values P||S and P′||S′ collide under MD5. The practical attack potential of this construction of chosen-prefix collisions is of greater concern than the MD5-collisions that were published before. This is illustrated by a pair of MD5-based X.509 certificates one of which was signed by a commercial Certification Authority (CA) as a legitimate website certificate, while the other one is a certificate for a rogue CA that is entirely under our control (cf. http://www.win.tue.nl/hashclash/rogue-ca/). Other examples, such as MD5-colliding executables, are presented as well. More details can be found on http://www.win.tue.nl/hashclash/ChosenPrefixCollisions/.

Online publication date: Tue, 30-Sep-2014

The full text of this article is only available to individual subscribers or to users at subscribing institutions.

 
Existing subscribers:
Go to Inderscience Online Journals to access the Full Text of this article.

Pay per view:
If you are not a subscriber and you just want to read the full contents of this article, buy online access here.

Complimentary Subscribers, Editors or Members of the Editorial Board of the International Journal of Applied Cryptography (IJACT):
Login with your Inderscience username and password:

    Username:        Password:         

Forgotten your password?


Want to subscribe?
A subscription gives you complete access to all articles in the current issue, as well as to all articles in the previous three years (where applicable). See our Orders page to subscribe.

If you still need assistance, please email subs@inderscience.com