## Tunnels in MD5

From: "andrew cooke" <andrew@...>

Date: Sun, 26 Mar 2006 10:54:57 -0400 (CLT)

I don't understand this, but it looks ominous:

In this paper we introduce a new idea of tunneling of hash functions. In
some sense tunnels replace multi-message modification methods and
exponentially accelerate collision search. We describe several tunnels
in hash function MD5. Using it we find an MD5 collision roughly in one
minute on a standard notebook PC (Intel Pentium, 1.6 GHz). The method
works for any initializing value. Tunneling is a general idea, which can
be used for finding collisions of other hash functions, such as SHA-1, 2.
We show several capabilities of tunnels. A program, whose source code is
available on a project homepage, experimentally verified the method.

Especially - to what extent is this specific to MD5 (already known to be
weak), and to what extent is it general?

Google turned up this discussion - http://technocrat.net/d/2006/3/21/1500
- which included:

From a cursory examination it appears that this method generates two
different pseudorandom pieces of data which have the same md5sum hash
output.

They have not shown an easy way of generating an alternative set of
data with the same md5sum as a chosen file or to generate a collision
for a chosen md5 hash.

This means that common uses of md5 are not yet broken. For example
schemes to check the authenticity of files such as verified links for
filesharing programs or using a hash value from a trusted source to

Andrew
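
The distinction drawn in the quoted discussion, between finding any two colliding inputs and matching the hash of a chosen file, can be seen with a generic brute-force search. This is an added example, not code from the paper or its project page, and it is not the tunnelling method: it assumes a toy digest made by truncating MD5 to 16 bits so both searches finish quickly, and the function names and sample inputs are constructed for the illustration.

```python
import hashlib
from itertools import count

BITS = 16  # toy digest size (assumption for the demo); real MD5 is 128 bits


def toy_md5(data: bytes, bits: int = BITS) -> int:
    """Top `bits` bits of MD5(data) (bits <= 128), as an integer."""
    full = int.from_bytes(hashlib.md5(data).digest(), "big")
    return full >> (128 - bits)


def find_collision(bits: int = BITS):
    """Searcher picks BOTH messages: birthday search, about 2**(bits/2) tries."""
    seen = {}
    for tries in count(1):
        msg = b"free-%d" % tries
        h = toy_md5(msg, bits)
        if h in seen:  # some earlier message already produced this digest
            return seen[h], msg, tries
        seen[h] = msg


def find_second_preimage(target: bytes, bits: int = BITS):
    """One message is fixed in advance: about 2**bits tries."""
    want = toy_md5(target, bits)
    for tries in count(1):
        msg = b"forged-%d" % tries
        if msg != target and toy_md5(msg, bits) == want:
            return msg, tries


def verify_download(data: bytes, trusted: int, bits: int = BITS) -> bool:
    """Check a file against a digest obtained from a trusted source."""
    return toy_md5(data, bits) == trusted


if __name__ == "__main__":
    a, b, n_coll = find_collision()
    release = b"constructed sample release file"  # constructed sample input
    forged, n_pre = find_second_preimage(release)
    print(f"collision after {n_coll} tries: {a!r} / {b!r}")
    print(f"second preimage after {n_pre} tries: {forged!r}")
    print("forged copy passes check:", verify_download(forged, toy_md5(release)))
```

At 16 bits both searches succeed; the point is the gap in work between them, which at MD5's full 128 bits is roughly 2^64 against 2^128 for generic search.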