This C program is an implementation of the collision attack [1] on MD5 of Xiaoyun Wang et al. It takes about half an hour on average on a standard PC to find a collision.
You are free to modify and distribute the source code. All comments are welcome at crypto at znoren dk. Please note that the program only produces correct results on 32-bit little-endian systems (thanks to Ralf-Philipp Weinmann for pointing that out).
Sample MD5 collisions can be found here, and "meaningful" colliding
Postscript documents can be found here.
[1] X. Wang and H. Yu. How to Break MD5 and Other Hash Functions. In R. Cramer, editor, EUROCRYPT, volume 3494 of Lecture Notes in Computer Science, pages 19-35. Springer, 2005.
Copyleft 2005 Søren Steffen Thomsen