[erlang-questions] wow: MD5 broken

Richard Kelsall <>
Sat Dec 1 14:17:19 CET 2007

Toby Thain wrote:
> On 1-Dec-07, at 9:42 AM, Joe Armstrong wrote:
>> MD5 is really broken - gulp see
>> I wonder how many millions of programs have now become insecure?
> The paper concludes,
> "MD5 should no longer be used as a hash function for software  
> integrity or code signing purposes."
> ...but isn't a good workaround just to use more than one hash, e.g.  
> MD5+SHA1?

No. Use a better algorithm like SHA-256 or SHA-512. There are plenty
of other good hash algorithms. Pick one from the table here that says
"No" in the collisions column rather than creating your own



More information about the erlang-questions mailing list