On Fri, June 10, 2005 3:01 pm, Jason Barnett said: > That is incredibly interesting stuff, many thanks for that link! So the > position seems to be that it may not be feasible to reverse MD5, but it > is now feasible to create forged documents / binaries / whatever that > result in exactly the same MD5 hash as the original. No. > I actually tried it out for myself... and indeed the two different > documents produced the exact same MD5 sum. That's a one in a billion chance... So, if your binary file HAPPENS to match that meaningless string, you could use that OTHER meaningless string instead... I'll bet neither of the two strings has any real-world "meaning" They just happen to be the two strings that are "easy" to find that have the same MD5. This has absolutely NO meaning in real-world uses of MD5. You'd have heard a LOT more screaming and wailing and gnashing of teeth if this mattered. :-) -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php