by bawolff 900 days ago
> A "collision" means you have two pre-images which hash to the same value, but you did not pick either of the two pre-images.

I think the use of the word "you" is ambiguous here (do you mean the attacker? verifier?).

In an attack scenario for a collision attack, you would have an attacker prepare two documents that have the same hash but a different message. Attacker uses the innocent message initially, and then later swaps it to the evil message pretending it was that all along (or vice versa).

The way I could see it happening in a court setting (this is super far-fetched, and there are a bunch of reasons why this wouldn't work in practice):

Attacker, knowing they might end up in court, creates two payloads, one evil, one innocent with same md5 hash.

Attacker uses the evil payload to attack some target.

Attacker gets arrested.

In court, they put the payload the attacker used into evidence, indexed by its md5 hash.

Attacker claims in court that it is all a misunderstanding, all they sent to the server was the innocent payload that just so happens to have the same hash as the evil one.

There's a bunch of (social) reasons why this probably wouldn't work, but this seems just as viable as the 2nd pre-image attack, and unlike the 2nd pre-image attack, actually is viable with md5.
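The scenario above, as an added example that is not part of the original comment: whoever prepares both messages only needs a collision, and an evidence record indexed by the weak hash alone cannot tell the two apart. A 24-bit truncation of MD5 stands in for a hash with broken collision resistance (an assumption so the search runs in moments), and the function names, record layout and the SHA-256 field are hypothetical.

```python
import hashlib
from itertools import count

TOY_BYTES = 3  # assumption: 24-bit toy digest so the search finishes quickly


def toy_digest(data: bytes) -> bytes:
    """First TOY_BYTES of MD5: stand-in for a hash without collision resistance."""
    return hashlib.md5(data).digest()[:TOY_BYTES]


def prepare_pair():
    """Collision setting: the preparer is free to choose BOTH messages.

    Returns (innocent, evil, tries); expected work is about 2**(bits/2),
    versus about 2**bits to match one fixed message (second pre-image).
    """
    innocent_seen, evil_seen = {}, {}
    for i in count():
        innocent = b"innocent payload, variant %d" % i  # constructed sample
        evil = b"evil payload, variant %d" % i          # constructed sample
        di, de = toy_digest(innocent), toy_digest(evil)
        innocent_seen[di] = innocent
        evil_seen[de] = evil
        if di in evil_seen:
            return innocent, evil_seen[di], i + 1
        if de in innocent_seen:
            return innocent_seen[de], evil, i + 1


def make_record(payload: bytes) -> dict:
    """Evidence record: the weak index from the scenario plus a SHA-256 index."""
    return {"weak": toy_digest(payload).hex(),
            "sha256": hashlib.sha256(payload).hexdigest()}


def consistent_with(record: dict, claimed: bytes, field: str) -> bool:
    """Does the claimed payload match the record under the chosen index?"""
    return make_record(claimed)[field] == record[field]


if __name__ == "__main__":
    innocent, evil, tries = prepare_pair()
    record = make_record(evil)  # the payload actually sent goes into evidence
    print("pair found after", tries, "variants per side")
    print("weak index fits innocent claim:", consistent_with(record, innocent, "weak"))
    print("sha256 index fits innocent claim:", consistent_with(record, innocent, "sha256"))
```

Under the weak index the "innocent" claim is consistent with the record; with the SHA-256 index recorded at intake, only the payload that was actually logged matches.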