[erlang-questions] wow: MD5 broken

Toby Thain <>
Sun Dec 2 00:55:23 CET 2007


On 1-Dec-07, at 11:17 AM, Richard Kelsall wrote:

> Toby Thain wrote:
>> On 1-Dec-07, at 9:42 AM, Joe Armstrong wrote:
>>> MD5 is really broken - gulp see
> ...
>>> I wonder how many millions of programs have now become insecure?
>> The paper concludes,
>> "MD5 should no longer be used as a hash function for software   
>> integrity or code signing purposes."
>> ...but isn't a good workaround just to use more than one hash,  
>> e.g.  MD5+SHA1?
>
> No. Use a better algorithm like SHA-256 or SHA-512. There are plenty
> of other good hash algorithms.

My point was that any *single* hash might one day be shown vulnerable  
to a similar technique, but using two together (as is sometimes  
already done) should be much more resistant?

--Toby

> Pick one from the table here that says
> "No" in the collisions column rather than creating your own
>
> http://en.wikipedia.org/wiki/Cryptographic_hash_function
>
>
> Richard.
