Author: Mob
The basics first:
MD5 treats the entire file as one large block of text and produces a unique MD5 message digest from it through an irreversible string-conversion algorithm. To give readers an intuitive understanding of how MD5 is used, I will briefly describe the process with an example:
Everyone knows that each person on Earth has a unique fingerprint, which is often the most trustworthy way for the police to identify criminals. Similarly, MD5 can generate a unique "digital fingerprint" for any file, regardless of its size, format, and quantity. If anyone changes the file in any way, its MD5 value, the corresponding "digital fingerprint", changes too.
Software download sites often list an MD5 value in a program's details. Its purpose is that, after downloading the software, we can run a dedicated tool (such as HashX) to verify the MD5 of the downloaded file and confirm that the file we obtained is the same as the one the site provides. The MD5 algorithm is widely used on software download sites, in forum databases, and for system file security.
Demo:
Download HashX 1.0.1.2 (504 KB) and the Window of the World browser (The World) 2.2 Beta (556 KB). Both files are small, which makes them convenient for testing.
After downloading:
Figure 1: Drag and drop the file to be verified onto the program window and press Hash File.
Figure 2: The test result, which can be copied with Copy Output.
Figure 3: Compare the result with the MD5 provided by the publisher; other algorithms (such as SHA-1) can also be used for verification.
You can try it yourself: create a TXT file, type anything into it, check its MD5 and record the value. Then modify the TXT file and check again. You will find that even the slightest difference produces a completely different MD5.
In other words, MD5 verification tells you whether the file downloaded from the network is the file the original publisher provided. Many people complain about problems with files downloaded through Thunder. By now I believe everyone understands that this is because the file comes from a different source. And since a publisher's website may sometimes be hacked or tampered with, checking the MD5 shows whether a virus or Trojan has been maliciously implanted (when a website's server is intruded, the publisher usually does not know).
But! From today on, everything above has become unreliable!
The reason is that two years ago Professor Wang Xiaoyun began to crack the algorithm, and later began to launch the so-called "MD5 attack".
Reading: how to crack the MD5 of the strongest Algorithm
Old talk: Starting from Professor Wang Xiaoyun's successful MD5 cracking
The "MD5 collision" mentioned below means, simply: first obtain the MD5 value of a string, then, based on that value, compute a different string whose MD5 value is exactly the same!
Maybe you think that different strings producing the same MD5 is nothing remarkable, just one of thousands of strange mathematical problems in the world.
But! Have you ever wondered whether two program files could have the same MD5 while both run normally and do completely different things?
The answer is: yes!
http://www.win.tue.nl/hashclash/SoftIntCodeSign/HelloWorld-colliding.exe
http://www.win.tue.nl/hashclash/SoftIntCodeSign/GoodbyeWorld-colliding.exe
The two programs print different characters on the screen, but their MD5 values are identical.
After reading the paper, my summary is as follows:
These cryptography experts used chosen-prefix collisions to launch this attack (an improved version of the attack method used by Wang Xiaoyun).
The computer they used was a Sony PS3, and it took less than two days.
Their conclusion: the MD5 algorithm should no longer be used for any software integrity check or code signing purposes.
Also: if you only want to generate files with the same MD5 but different content, that can now be done in a few seconds on any mainstream computer.
The "quick MD5 collision generator" written by these cryptography experts:
http://www.win.tue.nl/hashclash/fastcoll_v1.0.0.5.exe.zip
Source code: http://www.win.tue.nl/hashclash/fastcoll_v1.0.0.5_source.zip
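The verification step from the demo, with the paper's conclusion applied, as an added Python example (not code from the original article or from HashX): it hashes a file, compares it with the published digests, and reports a match that rests only on MD5 or SHA-1 as weak. The result labels, the function names and the sample file are assumptions made for this illustration.

```python
import hashlib
import hmac
import os
import tempfile

# Algorithms with practical collision attacks; a match on these alone proves little.
COLLISION_BROKEN = {"md5", "sha1"}

def file_digests(path, algorithms=("md5", "sha256"), chunk_size=1 << 20):
    """Stream the file once and return {algorithm: hex digest}."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}

def verify_download(path, published):
    """Compare a file with the publisher's digests.

    published: {hashlib algorithm name: hex digest} copied from the download page.
    Returns "mismatch", "weak-match" (only MD5/SHA-1 agreed) or "match".
    """
    published = {a.lower(): d.strip().lower() for a, d in published.items()}
    actual = file_digests(path, tuple(published))
    for algo, expected in published.items():
        if not hmac.compare_digest(actual[algo], expected):
            return "mismatch"
    strong = set(published) - COLLISION_BROKEN
    return "match" if strong else "weak-match"

def differing_bits(hex_a, hex_b):
    """Number of bit positions in which two equal-length digests differ."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")

def demo():
    """The TXT-file experiment: change one character, hash again."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "note.txt")  # constructed sample file
        with open(path, "wb") as fh:
            fh.write(b"hello")
        before = file_digests(path)
        md5_only = verify_download(path, {"MD5": before["md5"]})
        both = verify_download(path, before)
        with open(path, "wb") as fh:
            fh.write(b"hellp")  # one character changed
        after = file_digests(path)
        tampered = verify_download(path, before)
    return before, after, md5_only, both, tampered

if __name__ == "__main__":
    before, after, md5_only, both, tampered = demo()
    print(md5_only, both, tampered, differing_bits(before["md5"], after["md5"]))
```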
Questions:
Why is the verification method Microsoft uses when releasing patches SHA-1 rather than MD5?