## MD5 Collisions (15 points)

### Background
MD5 was once the most widely used cryptographic hash function, but today it is considered dangerously insecure. This is because cryptanalysts have discovered efficient algorithms for finding collisions—pairs of messages with the same MD5 hash value. The first known collisions were announced on August 17, 2004, by Xiaoyun Wang, Dengguo Feng, Xuejia Lai, and Hongbo Yu. 

Here’s one pair of colliding messages they published:





**Message 1:**
```
d131dd02c5e6eec4693d9a0698aff95c
2fcab58712467eab4004583eb8fb7f89
55ad340609f4b30283e488832571415a
085125e8f7cdc99fd91dbdf280373c5b
d8823e3156348f5bae6dacd436c919c6
dd53e2b487da03fd02396306d248cda0
e99f33420f577ee8ce54b67080a80d1e
c69821bcb6a8839396f9652b6ff72a70
```

**Message 2:**
```
d131dd02c5e6eec4693d9a0698aff95c
2fcab50712467eab4004583eb8fb7f89
55ad340609f4b30283e4888325f1415a
085125e8f7cdc99fd91dbd7280373c5b
d8823e3156348f5bae6dacd436c919c6
dd53e23487da03fd02396306d248cda0
e99f33420f577ee8ce54b67080280d1e
c69821bcb6a8839396f965ab6ff72a70
```

### Tasks

1. **Convert each group of hex strings into a binary file.**
   - On Linux, run:
     ```bash
     xxd -r -p file.hex > file
     ```
  
2. **What are the MD5 hashes of the two binary files? Verify that they’re the same.**
   - Run:
     ```bash
     openssl dgst -md5 file1 file2
     ```

3. **What are their SHA-256 hashes? Verify that they’re different.**
   - Run:
     ```bash
     openssl dgst -sha256 file1 file2
     ```

### Generating Collisions Yourself
In 2004, Wang’s method took more than 5 hours to find a collision on a desktop PC. Since then, researchers have introduced vastly more efficient collision-finding algorithms. You can compute your own MD5 collisions using a tool written by Marc Stevens that uses a more advanced technique.

You can download the fastcoll tool here: 
- [Windows executable](http://www.win.tue.nl/hashclash/fastcoll_v1.0.0.5.exe.zip)
- [Source code](http://www.win.tue.nl/hashclash/fastcoll_v1.0.0.5-1_source.zip)

If you are building fastcoll from source, you can compile using this makefile:  
You will also need the Boost libraries. On Ubuntu, you can install these using:
```bash
apt-get install libboost-all-dev
```

1. **Generate your own collision with this tool. How long did it take?**
   - Run:
     ```bash
     time ./fastcoll -o file1 file2
     ```

2. **What are your files? To get a hex dump, run:**
   ```bash
   xxd -p file
   ```

3. **What are their MD5 hashes? Verify that they’re the same.**

4. **What are their SHA-256 hashes? Verify that they’re different.**
```

Feel free to use or modify this Markdown text as needed!

## A Hash Collision Attack

The collision attack lets us generate two messages with the same MD5 hash and any chosen (identical) prefix. Due to MD5’s length-extension behavior, we can append any suffix to both messages and know that the longer messages will also collide. This lets us construct files that differ only in a binary “blob” in the middle and have the same MD5 hash, i.e., `prefix || blobA || suffix` and `prefix || blobB || suffix`. 

We can leverage this to create two programs that have identical MD5 hashes but wildly different behaviors. We’ll use Python, but almost any language would do.

### Step 1: Create Prefix and Suffix Files

Copy and paste the following three lines into a file called `prefix` (Note: writing these lines yourself may lead to encoding mismatch and errors while running the resulting Python code):

```python
#!/usr/bin/python 
# -*- coding: utf-8 -*- 
blob = """ 


In [1]:
import hashlib

# Common prefix
prefix = """#!/usr/bin/python
# -*- coding: utf-8 -*-
blob = \"\"\"
"""

# Blob content
blob_common = "This is a common blob content.\n"
good_blob = "print('I come in peace.')\n"  # Good script content
evil_blob = "print('Prepare to be destroyed!')\n"  # Evil script content

# Combine to form complete scripts
good_script = prefix + blob_common + good_blob
evil_script = prefix + blob_common + evil_blob

# Function to compute MD5
def compute_md5(content):
    return hashlib.md5(content.encode('utf-8')).hexdigest()

# Save scripts to files
with open("./hash_collision_attack/good.py", "w") as f:
    f.write(good_script)

with open("./hash_collision_attack/evil.py", "w") as f:
    f.write(evil_script)

# Compute and print MD5 hashes
good_md5 = compute_md5(good_script)
evil_md5 = compute_md5(evil_script)

print("MD5 of good.py:", good_md5)
print("MD5 of evil.py:", evil_md5)

# Verify if MD5s are the same
if good_md5 == evil_md5:
    print("Both scripts have the same MD5 hash.")
else:
    print("MD5 hashes are different.")


MD5 of good.py: 1324bea205dedbf05f8b688ae9e444f0
MD5 of evil.py: 3088e3272636c662c98d16cc91a8f4f1
MD5 hashes are different.


# 3.4 Guess the Number (20 points)
- The goal of this task is to guess a number that we will announce in class next - - - week. You MUST complete this section and submit hash.hex before the announcement.
Here are the rules:

- At the start of class next week, I will announce the winning number, which will be - an integer in the range [0;63].
- Prior to the announcement, each student may email one guess. To keep everything - - fair, your guesses will be kept secret using the following procedure:
- (a) You’ll create a PostScript file that, when printed, produces a single page - - - that contains only the statement: “your name guesses n”.
- (b) You’ll register your guess by emailing the MD5 hash of your file to hash.hex. - We must receive your hash value before the announcement.
- (c) You and your project partner may collaborate and produce a file that includes - both of your names, or you may choose to work independently.

In [2]:
import hashlib

# Step 1: Create the PostScript content
name = "Awais Amjad"  # Replace with your actual name
guess = 42          # Replace with your guess (an integer in [0, 63])
postscript_content = f"({name} guesses {guess}) show\n"

# Step 2: Write the content to a PostScript file
with open("guess.ps", "w") as ps_file:
    ps_file.write("%!PS-Adobe-3.0\n")
    ps_file.write("%%BoundingBox: 0 0 300 200\n")
    ps_file.write("%%EndComments\n")
    ps_file.write("0 200 moveto\n")  # Move to position
    ps_file.write(postscript_content)

# Step 3: Calculate the MD5 hash of the PostScript file
def compute_md5(file_path):
    hash_md5 = hashlib.md5()
    with open(file_path, "rb") as f:
        for chunk in iter(lambda: f.read(4096), b""):
            hash_md5.update(chunk)
    return hash_md5.hexdigest()

# Calculate hash
hash_value = compute_md5("guess.ps")

# Step 4: Write the hash to hash.hex
with open("hash.hex", "w") as hash_file:
    hash_file.write(hash_value)

# Print the hash value
print(f"MD5 Hash: {hash_value}")


MD5 Hash: ca9aaceca591e315464d38b500a6c679
