Collision-resistance is an essential property for one-way hash functions, but several widely-used one-way hash functions have trouble maintaining this property. In 2004, Xiaoyun Wang and co-authors demonstrated a collision attack against MD5. In 2017, CWI Amsterdam and Google Research announced the SHAttered attack, which breaks the collision-resistant property of SHA-1. While many students do not have trouble understanding the importance of the one-way property, they cannot easily grasp why the collision-resistance property is necessary, and what the impact of these attacks can cause.
The learning objective of this lab is for students to really understand the impact of collision attacks, and see in first hand what damages can be caused if a widely-used one-way hash function's collision-resistance property is broken. To achieve this goal, students need to launch actual collision attacks against the MD5 hash function. Using the attacks, students should be able to create two different programs that share the same MD5 hash but have completely different behaviors.