MD5 checksum hash collision

33   2019-08-05 08:08   nipc
漏洞信息
漏洞编号: 1331
CVE编号:
漏洞类型: -
漏洞来源: cxs
发布日期: 2014-11-05
CVSS
CVSS值: -
严重级别: 高危
利用范围: -
攻击复杂度: -
认证级别: -
漏洞描述

WLB-2014110020[***]http://cxsecurity.com/issue/WLB-2014110020[***]Trick: MD5 checksum hash collision ( Ascii Version )[***]MD5 checksum hash collision [***]2014.11.05[***]natmchugh[***]High[***]N/A [***]N/A ( Add )@@@@@@@@@@$$$$$$$$$$&&&&&&&&&&##########suijishu0518893******** </form>[***]No[***]Yes[***][***][***][***][***][***][***][***][***] This type of collision is has been termed a chosen prefix collision. In this case the image data is the prefix or to be@@@@@@@@@@$$$$$$$$$$&&&&&&&&&&##########suijishu0518893******** more exact the internal state of the MD5 algorithm after processing the image is. You can't see the added binary data at@@@@@@@@@@$$$$$$$$$$&&&&&&&&&&##########suijishu0518893******** the end of jpeg images as it is preceded with an End Of Image JPEG marker.@@@@@@@@@@$$$$$$$$$$&&&&&&&&&&##########suijishu0518893******** @@@@@@@@@@$$$$$$$$$$&&&&&&&&&&##########suijishu0518893******** Chosen prefix collisions for MD5 were first successfully shown in 2007 in this paper@@@@@@@@@@$$$$$$$$$$&&&&&&&&&&##########suijishu0518893******** http://www.win.tue.nl/hashclash/ChosenPrefixCollisions/ . The attack uses iterations of differential analysis of MD5.@@@@@@@@@@$$$$$$$$$$&&&&&&&&&&##########suijishu0518893******** The first successful differential analysis was demonstrated by Xiaoyun Wang in her 2005 paper How to Break MD5 and Other@@@@@@@@@@$$$$$$$$$$&&&&&&&&&&##########suijishu0518893******** Hash Functions.@@@@@@@@@@$$$$$$$$$$&&&&&&&&&&##########suijishu0518893******** @@@@@@@@@@$$$$$$$$$$&&&&&&&&&&##########suijishu0518893******** More:@@@@@@@@@@$$$$$$$$$$&&&&&&&&&&##########suijishu0518893******** http://natmchugh.blogspot.co.uk/2014/10/how-i-created-two-images-with-same-md5.html[***]http://natmchugh.blogspot.co.uk/2014/10/how-i-created-two-images-with-same-md5.html[*]http://seclists.org/oss-sec/2014/q4/529

POC

This type of collision is has been termed a chosen prefix collision. In this case the image data is the prefix or to be more exact the internal state of the MD5 algorithm after processing the image is. You can't see the added binary data at the end of jpeg images as it is preceded with an End Of Image JPEG marker. Chosen prefix collisions for MD5 were first successfully shown in 2007 in this paper http://www.win.tue.nl/hashclash/ChosenPrefixCollisions/ . The attack uses iterations of differential analysis of MD5. The first successful differential analysis was demonstrated by Xiaoyun Wang in her 2005 paper How to Break MD5 and Other Hash Functions. More: http://natmchugh.blogspot.co.uk/2014/10/how-i-created-two-images-with-same-md5.html