LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

When were MD5 and SHA-1 broken, and what are the practical implications?

MD5 collisions were found in under 1 hour in 2004. SHA-1 collision complexity was reduced from $2^{80}$ to $2^{52}$ by 2009.

MD5 (broken 2004):

  • Xiaoyun Wang et al. found an algorithm that produces MD5 collisions on a single computer in about one hour
  • Two 1024-bit values differing in only 6 bit positions produced the same 128-bit MD5 hash
  • Similar attacks were found for RIPEMD-128 and SHA-0

SHA-1 (weakened 2005-2009):

  • Brute-force collision requires $2^{80}$ operations (birthday attack on 160-bit hash)
  • Feb 2005: Chinese researchers reduced this to $2^{69}$ — a factor of $2^{11} = 2048$ fewer operations
  • June 2009: Further reduced to $2^{52}$ — a factor of $2^{17} = 131,072$ improvement
  • Actual collision cost: approximately €10,000 (recent estimate)

Practical implications:

  • These were all collision attacks (birthday), not pre-image attacks
  • For forging signatures, you need a pre-image attack — still infeasible for SHA-1
  • But: no panic needed — SHA-3 is the solution, and SHA-2 remains unbroken
  • SHA-1 still considered acceptable for HMAC (where collision resistance isn't the primary concern)

Go deeper:

From Quiz: KRYPTOG / One-Way and Hash Functions | Updated: Jul 14, 2026