MD5 Hash has been broken

The MD5 hash is used for “digitally signing” data.  It is very popular and it performs an exceedingly important function in computer security.  There are alternatives to it so long term it isn’t a big issue assuming the current or related flaw isn’t found in them too.  But short term it’s still a big deal.

http://www.arnnet.com.au/index.php/id;1503863220;fp;16;fpid;0

Researchers have discovered a flaw in the MD5 algorithm that is used to provide a unique signature for data.

Xiaoyun Wang, a Chinese expert, and three colleagues have discovered the flaw in the hash function algorithm, which is used in applications, such as EMC’s Centera content-addressable file store. The flaw was revealed at the Crypto 2004 conference.

A duplicated hash value is called a collision. Such a hash function is not un-crackable. It relies for its effectiveness on the great amount of time required to break it. Until the Chinese team’s work, several million hours of compute time would have been needed. They showed that it could be done within a few hours on a standard PC.