Just because we don’t have access to Wang’s attack on MD5 doesn’t mean we
can’t seek out new and amusing ways to reverse engineer it…some interesting
pictures, as Wang’s payloads propagate through an MD5 hash in a bit-visualized
- Wang’s vec1 (PNG) (TXT)
- Wang’s vec2 (PNG) (TXT)
- Difference between vec1 and vec2.
- Difference, animated.
The last line is the bit-representation of the final MD5 hash. This is
trivially inspired by Greg Rose et al’s musing on MD5 (very fine paper). Some others which have crossed my
- Practical Attacks on Digital Signatures Using MD5 Message Digest (A near collision discussing MD5 collisions. Ha!)
- What’s the worst that could happen? Eric Rescorla’s take on crypto vulnerabilities. He’s actually rather surprised how much MD5’s failures don’t break things, purely accidentally even. For instance, using the MD5 attack against certificates isn’t going to work anytime soon.