MD5 is dead?

To: cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>
Subject: MD5 is dead?
From: Kurt Seifried <kurt@seifried.org>
Date: Mon, 17 Dec 2018 08:50:10 -0700
Authentication-results: spf=softfail (sender IP is 198.49.146.235) smtp.mailfrom=seifried.org; lists.mitre.org; dkim=pass (signature was verified) header.d=seifried-org.20150623.gappssmtp.com;lists.mitre.org; dmarc=none action=none header.from=seifried.org;
Delivery-date: Mon Dec 17 11:29:48 2018
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seifried-org.20150623.gappssmtp.com; s=20150623; h=mime-version:from:date:message-id:subject:to; bh=Ti2UojQDV+yzbBV5QX6HL6T45Sf2ncUnk8Mrb7dr6AU=; b=TxTkDJmCfkUKEr6lp+DnwTtLA4ycBkIdDcaUxSvp50eAnBPXLPcA9rz8DNDZRjZgv9 H+/XM7/33+KPD0pbsgwrPP3OOI3FzAvEBfxUOVok0hmvbsA6CcmhyQwbmtv2WH/65Js7 hpiIWTsHXVGRuHO3EQ9Nz7l2oioBkdDyzHV3ViiWzwg5Ccc828wDq5qzk0nWTCVMogvW UAeqakoGaL8QBLxUTZPRJ1oA6DN6ApUDIiu+dHv3ASxYQVZNWTTzU/x4JhiOV+ysecsm H0Obv7j8ADf/gFnbjC2JK5KXMN7CNU1irF0nHAuR01KQBSeMlW+WsPCyL7VFZURHKNBv DelQ==
Spamdiagnosticmetadata: NSPM
Spamdiagnosticoutput: 1:99

Current status - as of December 2018 - of known attacks:

get a file to get another file's hash or a given hash: impossible
- it's still even not practical with MD2.
- works for simpler hashes(*)
get 2 different files with the same MD5: instant
- examples: 1 & 2
make 2 arbitrary files get the same MD5: a few hours (72 hours.core)
- examples: 1 & 2
make 2 arbitrary files of specific file formats (PNG, JPG, PE...) get the same MD5: instant
- read below
get two different files with the same SHA1: 6500 years.core
- get two different PDFs with the same SHA-1 to show a different picture: instant (the prefixes are already computed)