AlexC wrote:
For the right type of data, the probability of a collision in MD5 is 100%
NO.
That is NOT the probability of a collision.
That is the fact that a collision can be artificially provoked through (a simple) calculation.
The calculation method found is simple enough to be within practical limits of *any* computer, hence MD5 is "compromised", but the probability of a collision on random files/data remains ~2^64, or more exactly 1.26*2^64 (but as seen in the already linked to sources can be lowered in a collision attack to around 2^42).
The SHA-1 as you can read in the links (also by Bruce Schneier) I posted earlier is NOT "compromised" as the calculation method found only reduces the number of brute force attempts from 2^80 (probability of a collision) to 2^69, which is however yet well beyond the possibilities of most computers:
https://www.schneier.com/blog/archives/2012/10/when_will_we_se.html
Quote:
Then, since log2(350) ~ 8.4 the cost of the attack will be approximately:
2^13 * 2^8.4 = 2^21.4 ~ $2.77M in 2012
2^11 * 2^8.4 = 2^19.4 ~ $700K by 2015
2^9 * 2^8.4 = 2^17.4 ~ $173K by 2018
2^7 * 2^8.4 = 2^15.4 ~ $43K by 2021
A collision attack is therefore well within the range of what an organized crime syndicate can practically budget by 2018, and a university research project by 2021.
jaclaz
P.S.: Edited to make more clear the difference between collision probability and range for a collision attack.
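
The birthday estimate discussed in the post above, measured on MD5 truncated to a few bits so the experiment finishes in seconds. This is an added example, not part of the original thread; it goes beyond the post by measuring small digest sizes empirically and comparing them with the standard estimate sqrt(pi/2 * 2^n), about 1.25 * 2^(n/2). The function names and the counter-based inputs are constructed for illustration.

```python
import hashlib
import math


def truncated_md5(data: bytes, bits: int) -> int:
    """Return the top `bits` bits of the MD5 digest as an integer."""
    digest = int.from_bytes(hashlib.md5(data).digest(), "big")
    return digest >> (128 - bits)


def tries_until_collision(bits: int, run: int) -> int:
    """Hash distinct constructed inputs until two share a truncated digest.

    Returns how many inputs were hashed, including the colliding one.
    """
    seen = set()
    count = 0
    while True:
        msg = f"run{run}-msg{count}".encode()  # constructed, all distinct
        h = truncated_md5(msg, bits)
        count += 1
        if h in seen:
            return count
        seen.add(h)


def birthday_estimate(bits: int) -> float:
    """Expected inputs hashed before the first collision on a `bits`-bit digest."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


def average_tries(bits: int, runs: int = 200) -> float:
    """Mean of tries_until_collision over `runs` independent input sets."""
    return sum(tries_until_collision(bits, r) for r in range(runs)) / runs


if __name__ == "__main__":
    for bits in (16, 20, 24):
        print(f"{bits}-bit digest: measured {average_tries(bits):9.1f}, "
              f"estimate {birthday_estimate(bits):9.1f}")
    # The same formula at full digest size; far too large to measure directly.
    print(f"128-bit MD5:   {birthday_estimate(128) / 2 ** 64:.3f} * 2^64")
    print(f"160-bit SHA-1: {birthday_estimate(160) / 2 ** 80:.3f} * 2^80")
```

The measured averages track the estimate at every size tried, which is the sense in which the work for a collision on unstructured data scales as 2^(n/2), independently of any shortcut attack on the hash itself.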