Abstract - In August 2004 at the annual cryptography conference in Santa Barbara, California a group of Chinese cryptographers

In August 2004 at the annual cryptography conference in Santa Barbara, California a group of cryptographers, Xianyan Wang, Dengguo Feng, Xuejia Lai, and Hongbo Yu made the announcement that they had successfully generated two files with different contents that had the same MD5 hash. This paper reviews the announcement and discusses the impact this discovery may have on the use of MD5 hash functions for evidence authentication in the field of computer forensics. Published by Elsevier Ltd. Hash functions are one of the basic building blocks of modern cryptography. In cryptography hash functions are used for everything from password verification to digital signatures. A hash function has three fundamental properties: • A hash function must be able to easily convert digital information (i.e. a message) into a fixed length hash value. • It must be computationally infeasible to derive any information about the input message from just the hash. • It must be computationally infeasible to find two files to have the same hash. Hash (Message 1) = Hash (Message 2). In computer forensics hash functions are important because they provide a means of identifying and classifying electronic evidence. Because hash functions play a critical role in evidence authentication it is critical a judge or jury can trust the hash values that uniquely identify electronic evidence. The third property of a hash function states that it must be computationally infeasible to find two files to have the same hash. The research published by Wang, Feng, Lai and Yu demonstrated that MD5 fails this third requirement since two different messages have been generated that have the same hash. This situation is called a collision.