[erlang-questions] wow: MD5 broken
Richard Kelsall
r.kelsall@REDACTED
Sat Dec 1 14:17:19 CET 2007
Toby Thain wrote:
> On 1-Dec-07, at 9:42 AM, Joe Armstrong wrote:
>
>> MD5 is really broken - gulp see
...
>> I wonder how many millions of programs have now become insecure?
>
> The paper concludes,
> "MD5 should no longer be used as a hash function for software
> integrity or code signing purposes."
> ...but isn't a good workaround just to use more than one hash, e.g.
> MD5+SHA1?
No. Use a better algorithm like SHA-256 or SHA-512. There are plenty
of other good hash algorithms. Pick one from the table here that says
"No" in the collisions column rather than creating your own:
http://en.wikipedia.org/wiki/Cryptographic_hash_function
Richard.