Two files enter. One hash to rule them both.
Enter a shared prefix. We append two published MD5 collision blocks to forge twin files with the same hash.
Red bytes differ between the two inputs; the rest are identical.
An MD5 hash is a 128-bit fingerprint of some data. Ideally every file has a unique one.
The catch: in 2004 Wang et al. showed you can craft two different files with the same MD5. By 2008 researchers even forged a rogue certificate. MD5 has been cryptographically dead for ~20 years.
Collision attack vs preimage attack: Crafting two files together (a collision) is easy โ that's what Forge Mode does using published blocks. Matching an arbitrary existing hash someone else gave you (a preimage) is still astronomically hard.
If we could actually preimage any MD5 in your browser, we'd be too busy breaking into banks to build cute web apps. ๐ฆ