[erlang-questions] wow: MD5 broken
Sun Dec 2 00:55:23 CET 2007
On 1-Dec-07, at 11:17 AM, Richard Kelsall wrote:
> Toby Thain wrote:
>> On 1-Dec-07, at 9:42 AM, Joe Armstrong wrote:
>>> MD5 is really broken - gulp see
>>> I wonder how many millions of programs have now become insecure?
>> The paper concludes,
>> "MD5 should no longer be used as a hash function for software
>> integrity or code signing purposes."
>> ...but isn't a good workaround just to use more than one hash,
>> e.g. MD5+SHA1?
> No. Use a better algorithm like SHA-256 or SHA-512. There are plenty
> of other good hash algorithms.
My point was that any *single* hash might one day be shown vulnerable
to a similar technique, but using two together (as is sometimes
already done) should be much more resistant?
> Pick one from the table here that says
> "No" in the collisions column rather than creating your own