MD5 Collisions...
Matt Piechota
piechota at argolis.org
Tue Dec 4 06:20:10 PST 2007
Norberto Meijome wrote:
> I understand that the final nail in MD5's coffin hasn't been found
> yet (i.e., we cannot "determine the exact original input given a
> hash value"), but the fact that certain magic bytes can be found
> (rather quickly) so that any 2 given binaries end up as collisions
> seems, from my unlearned POV, more serious or sinister than what
> the text above implies.
I think the big mitigating factor is that you can't easily generate a
message that has the same length as the original as well as the same
hash. I believe when this came up a while back, the ports collection
(for example) was deemed safe since the scripts checked the file length
and MD5 hash, but even so they've started using both MD5 and SHA256
hashes since the odds of a collision using both on the same message are
essentially nil.
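
The combined check described in the message above (file length plus MD5 plus SHA256), as an added example that is not part of the original post and is not the ports collection's own script. The `ALGO (name) = value` manifest layout, the function names and the sample data are assumptions made for illustration.

```python
import hashlib
import io
import re

# Assumed manifest layout: BSD-style "ALGO (filename) = value" lines.
LINE_RE = re.compile(r"^(?P<algo>MD5|SHA256|SIZE) \((?P<name>[^)]+)\) = (?P<value>\S+)$")
FIELDS = ("SIZE", "MD5", "SHA256")

def parse_manifest(text):
    """Return {filename: {"SIZE": int, "MD5": hex, "SHA256": hex}}."""
    entries = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip comments and algorithms this example ignores
        # int() raises on a non-numeric SIZE, so a malformed manifest fails loudly.
        value = int(m["value"]) if m["algo"] == "SIZE" else m["value"].lower()
        entries.setdefault(m["name"], {})[m["algo"]] = value
    return entries

def verify(stream, expected, chunk=65536):
    """Read the stream once; return the fields that fail (empty list = accepted)."""
    missing = [f for f in FIELDS if f not in expected]
    if missing:
        # Fail closed: every field must be present before anything is accepted.
        return ["missing:" + f for f in missing]
    md5, sha256, size = hashlib.md5(), hashlib.sha256(), 0
    while block := stream.read(chunk):
        size += len(block)
        md5.update(block)
        sha256.update(block)
    actual = {"SIZE": size, "MD5": md5.hexdigest(), "SHA256": sha256.hexdigest()}
    return [f for f in FIELDS if actual[f] != expected[f]]

# Constructed sample data: not a real distfile or a real manifest.
NAME = "sample-1.0.tar.gz"
ORIGINAL = b"constructed sample distfile contents\n" * 100
MANIFEST = (
    f"MD5 ({NAME}) = {hashlib.md5(ORIGINAL).hexdigest()}\n"
    f"SHA256 ({NAME}) = {hashlib.sha256(ORIGINAL).hexdigest()}\n"
    f"SIZE ({NAME}) = {len(ORIGINAL)}\n"
)
SAME_LENGTH = b"X" + ORIGINAL[1:]   # altered, length unchanged
PADDED = ORIGINAL + b"extra"        # altered, length changed

if __name__ == "__main__":
    want = parse_manifest(MANIFEST)[NAME]
    for label, data in (("original", ORIGINAL), ("same length", SAME_LENGTH), ("padded", PADDED)):
        print(label, verify(io.BytesIO(data), want) or "OK")
```

The file is accepted only when all three fields match, and an entry that lacks any of them is rejected rather than checked against the weaker subset.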