I missed this on Slashdot (since I rarely read it anymore), but thanks to Cameron's blog post I caught this piece of news. The first code has been released that shows how to find collisions in the MD5 algorithm. Essentially this means two completely different source files can be salted to produce the same hash string. In a nutshell, if you're relying on an MD5 hash to guarantee the integrity of a file, you have problems—especially if you're relying on it producing unique, secure hash strings.
For a good layman's explanation of the problem and the exploit, Magnus Daum & Stefan Lucks have published a really good article over at CITS titled "Attacking Hash Functions by Poisoned Messages: The Story of Alice and her Boss".