[erlang-questions] wow: MD5 broken
Toby Thain
toby@REDACTED
Sun Dec 2 00:55:23 CET 2007
On 1-Dec-07, at 11:17 AM, Richard Kelsall wrote:
> Toby Thain wrote:
>> On 1-Dec-07, at 9:42 AM, Joe Armstrong wrote:
>>> MD5 is really broken - gulp see
> ...
>>> I wonder how many millions of programs have now become insecure?
>> The paper concludes,
>> "MD5 should no longer be used as a hash function for software
>> integrity or code signing purposes."
>> ...but isn't a good workaround just to use more than one hash,
>> e.g. MD5+SHA1?
>
> No. Use a better algorithm like SHA-256 or SHA-512. There are plenty
> of other good hash algorithms.
My point was that any *single* hash might one day be shown vulnerable
to a similar technique, but using two together (as is sometimes
already done) should be much more resistant?
--Toby
> Pick one from the table here that says
> "No" in the collisions column rather than creating your own
>
> http://en.wikipedia.org/wiki/Cryptographic_hash_function
>
>
> Richard.