Construct a prefix collision method to make two files with different content but with the same MD5 verification code

Transferred from: http://bbs.chinaunix.net/thread-1182816-1-1.html

I was always very confident that: you have the ability to find MD5 collision, and how? Do you have the ability to make two executable files like the MD5, but all can run normally, and can do completely different things?
Answer: Really can.

Http://www.win.tue.nl/hashclash/SoftIntCodeSign/HelloWorld-colliding.exe

Http://www.win.tue.nl/hashclash/SoftIntCodeSign/GoodbyeWorld-colliding.exe

The two programs print different characters on the screen, but their MD5 are the same.

Read through his paper as follows:

These ciphers use the "construct prefix collision method" (Chosen-prefix collisions) for this attack (an improved version of the attack method used by Xiao).

The computer they used was a Sony PS3, and it took less than two days.

Their conclusion: The MD5 algorithm should no longer be used for any software integrity checks or code signing purposes.

Another: Now, if you just want to build a file with the same MD5 and different content, you can do it in a few seconds on any of the major configured computers.

The "Fast MD5 Collision Generator" Written by these cryptography scientists: http://www.win.tue.nl/hashclash/fastcoll_v1.0.0.5.exe.zip
Source code: Http://www.win.tue.nl/hashclash/fastcoll_v1.0.0.5_source.zip

Measured the 2 exe MD5 is indeed the same.

Running results are different. Does not necessarily pose a substantial threat to the existing EXE, but is clearly a threat. If you can join the Trojan. To recalculate the MD5.
That would be awesome.