[EthanHeilman]

>They're also 6, not 200+ KB. They have been specially crafted to be as small as possible to make the problem set as easy as possible.

That is not how it works, MD5 is vulnerable to length extension attacks[0]. Once you collide part of an MD5 hash, if everything that follows that collision is the same, it can be as long as you want. Colliding large files is just as easy as colliding small files. You could perform the same exercise with 1GB executables.

[0]: http://en.wikipedia.org/wiki/Length_extension_attack

[Someone1234]

> Once you collide part of an MD5 hash, if everything that follows that collision is the same, it can be as long as you want. Colliding large files is just as easy as colliding small files.

I've read that three times, still don't follow what you're getting at. That isn't how length extension attacks work/can be utilised.

Please go ahead and generate a file that collides with any of the linked files and is the same file size. The content doesn't have to be valid or readable, junk/binary is fine. If you can do this in a reasonable period of time (e.g. 24 hrs) then your point would have been proven.

The smallest is 224K with a hash of 180caf23dd71383921e368128fb6db52.

[codeflo]

That's not what a collision attack[1] is. You're probably thinking of a pre-image attack[2].

[1] http://en.wikipedia.org/wiki/Collision_attack

[2] http://en.wikipedia.org/wiki/Preimage_attack

[Someone1234]

I didn't use the expression "collision attack" ever in this thread. I quoted someone else who used that term however (and the context of the whole discussion is clearly related to preimage attacks, not collision attacks).