Source code for MD5' collisions

Eric Rescorla ekr at rtfm.com
Mon Aug 16 21:25:30 EDT 2004


I've posted source code that demonstrates the MD5 collisions
on my web site at:

http://www.rtfm.com/md5coll.tar.gz.

It's just a modified version of the RFC1321 MD5 source code
with the byte-flipping in the state initialization. It also
includes machine readable test vectors and a makefile. Just
run 'make' and you get the following output, at least on
FreeBSD:

gcc -o md5prime -DINVERT_STATE -DMD=5 md5.c mddriver.c
# X1 and X1' with ordinary MD5--no collision
./md5 X1.bin
MD5 (X1.bin) = e115410841d7a06f2913be15e1760fd1
./md5 X1prime.bin
MD5 (X1prime.bin) = 7005ea821bcc0e64d0eb9852f2bec2bd
# X1 and X1' with md5prime--collision
./md5prime X1.bin
MD5 (X1.bin) = 8ada1581c24565adac73a2d27160ca90
./md5prime X1prime.bin
MD5 (X1prime.bin) = 8ada1581c24565adac73a2d27160ca90
echo

# X2 and X2' with ordinary MD5
./md5 X2.bin
MD5 (X2.bin) = 55f94e8f79e8a9795fad79f4c6ab5f11
./md5 X2prime.bin
MD5 (X2prime.bin) = 47aaf6e98d0799f9a85db9fd86cb392a
# X2 and X2' with md5prime
./md5prime X2.bin
MD5 (X2.bin) = 1a2a1d55c87318422367ae3462143fb6
./md5prime X2prime.bin
MD5 (X2prime.bin) = 1a2a1d55c87318422367ae3462143fb6

-Ekr

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list