I previously wrote about how XBox videogame publishers can break free from Microsoft. It wasn’t so theoretical. This week, researchers showed how to get MD5 collisions with meaningful documents.
I wonder what method Microsoft will use to sign Xenon XBEs?
I missed the part about how they can create the same MD5 from a completely different input which is still meaningful – in short, the whole point of the link. Suppose I need a document containing the text “This is amazing!” to also work. Where am I to hide the extra bits that will get me the hash I'm looking for? It sounds sufficiently advanced, and thus, like magic
(http://livejournal.com/users/greatbiggary)
Well if your doc was just the ASCII string “This is amazing!” you'd have a pretty hard job finding a hash collision with the same length source.
“This is amazing!” is only 16 characters long, or 128 bits. Since the hash is 128 bits (in the case of MD5, and more for other hash types), the pigeonhole principle tells us that a collision _must_ exist if and only if the source is over 128 bits long. Assuming that even distribution is a property of a decent hash function, you're going to have a harder time finding a hash collision (while preserving the source length) than if the source was many times longer than the hash.
In practice of course, the source is always much bigger than the hash value.
(http://livejournal.com/users/elbeno)