[erlang-questions] wow: MD5 broken
Sat Dec 1 14:17:19 CET 2007
Toby Thain wrote:
> On 1-Dec-07, at 9:42 AM, Joe Armstrong wrote:
>> MD5 is really broken - gulp see
>> I wonder how many millions of programs have now become insecure?
> The paper concludes,
> "MD5 should no longer be used as a hash function for software
> integrity or code signing purposes."
> ...but isn't a good workaround just to use more than one hash, e.g.
No. Use a better algorithm like SHA-256 or SHA-512. There are plenty
of other good hash algorithms. Pick one from the table here that says
"No" in the collisions column rather than creating your own
More information about the erlang-questions