←back to thread

A webshell and a normal file that have the same MD5

(github.com)
98 points shlomo_z | 1 comments | 21 Sep 25 05:52 UTC | HN request time: 0s | source
Show context
dsab ◴[24 Sep 25 05:23 UTC] No.45356607[source]
It's a pity that there is no description of what it is supposed to be used for.
replies(5): >>45356899 #>>45356950 #>>45357043 #>>45357572 #>>45358129 #
lisper ◴[24 Sep 25 06:38 UTC] No.45357043[source]
If you don't know, then you aren't the target audience.

But there are two applications: the first is breaking in to a system under some very obscure set of circumstances that you are very unlikely to encounter in the real world. The second is to bump up your karma on HN.

replies(2): >>45358864 #>>45360080 #
bawolff ◴[24 Sep 25 11:26 UTC] No.45358864[source]
> If you don't know, then you aren't the target audience.

If you do know, then you also know md5 being broken is really really old news.

Seriously. Cryptographers have been warning that md5 seems weak since 1996. There are probably people reading this thread who weren't even alive yet. (It got totally broken in 2004 but the warning signs were way earlier).

replies(1): >>45358991 #
ramses0 ◴[24 Sep 25 11:42 UTC] No.45358991[source]
Someone with more karma motivation could post this as a top level story, but Plex offers to validate their Debian public key via MD5: https://support.plex.tv/articles/235974187-enable-repository...

Such security! Much wow!

replies(1): >>45369484 #
1. bawolff ◴[25 Sep 25 05:13 UTC] No.45369484[source]
While this is a bad idea, as far as i know its secure since nobody has broken md5 second preimage.