Collision-resistance is an essential property for one-way hash functions, but several widely-used one-way hash functions have trouble maintaining this property. In 2004, Xiaoyun Wang and co-authors demonstrated a collision attack against MD5. In 2017, CWI Amsterdam and Google Research announced the SHAttered attack, which breaks the collision-resistant property of SHA-1. While many students do not have trouble understanding the importance of the one-way property, they cannot easily grasp why the collision-resistance property is necessary, and what the impact of these attacks can cause.

The learning objective of this lab is for students to really understand the impact of collision attacks, and see in first hand what damages can be caused if a widely-used one-way hash function's collision-resistance property is broken. To achieve this goal, students need to launch actual collision attacks against the MD5 hash function. Using the attacks, students should be able to create two different programs that share the same MD5 hash but have completely different behaviors.

Lab Tasks (Description)

  • VM version: This lab has been tested on our pre-built SEEDUbuntu16.04 VM.

Recommended Time:

  • Supervised situation (e.g. a closely-guided lab session): 2 hours
  • Unsupervised situation (e.g. take-home project): 1 week

Files that are Needed

  • If you use the SEEDUbuntu12.04 VM, you need to run the shell script in md5_patch.zip to install the tool needed for this lab. The tool has already been installed on the SEEDUbuntu16.04 VM.

SEED Project