Published August 24th, 2004 by Jim O'Halloran
MD5 Collision found
It appears that a collision has been found in MD5.
What triggered this? A collision in MD5. I am not an expert in cryptography, but I do find this subject fascinating.
Effectively this means that there are two strings which, when MD5’ed, return the same result. This certainly doesn’t mean that MD5 is worthless, but researchers seem to have made a lot of progress towards breaking it. As Bruce Schneier said in a recent ComputerWorld column:
“This is how the science of cryptography advances: We learn how to design new algorithms by breaking other algorithms.”
Bruce also argues that it’s time for a new hash standard:
“NIST should issue a call for algorithms and conduct a series of analysis rounds, where the community analyzes the various proposals with the intent of establishing a new standard.
“Most of the hash functions we have and all the ones in widespread use are based on the general principles of MD4. Clearly we’ve learned a lot about hash functions in the past decade, and I think we can start applying that knowledge to create something even more secure.
“Better to do it now, when there’s no reason to panic, than years from now, when there might be.”
Sounds reasonable to me.