Comment Re:H(x) == H(y) - H(x + q) == H(y + q) ? (Score 1) 253
At Toorcon this year, Dan Kaminsky showed a way to create two different webpages that render properly in a browser but have the same MD5 hash. Anybody who thinks this attack is theortical and ignorable is grossly mistaken.
Same thing has been done with postscript files, but neither is a result of breaking MD5. HTML and PS include the ability to embed logic in the page. Two identical web pages with javascript that says if(location.href==goodpage) { render one thing } else { render the other thing } will appear to defeat MD5.
Same thing has been done with postscript files, but neither is a result of breaking MD5. HTML and PS include the ability to embed logic in the page. Two identical web pages with javascript that says if(location.href==goodpage) { render one thing } else { render the other thing } will appear to defeat MD5.
