"Ilia Alshanetsky" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Ron Korving wrote: > > I just read this news that an MD5 collision can now be done by anyone in 45 > > minutes (avg) on a P4 1.6 GHz: > > http://it.slashdot.org/article.pl?sid=05/11/15/2037232&threshold=-1&tid=172&tid=93&tid=228 > > http://www.stachliu.com.nyud.net:8090/collisions.html > > > > MD5 as the standard for hashing is definately history. All the more reason > > for sha256- and alike-functions. > > If you've read the article closely you'll know that while an impressive > trick, collisions cannot be generated arbitrarily. The program generates > both of the values that result in the same md5 hash . You cannot give it > an md5 and have it generate you a string with the same md5 hash, so md5 > is still relatively safe. > > Ilia
Perhaps... for now... I'm no crypto expert and don't aim to be one, but when I read the /. responses, a lot of people find MD5 dead and gone. Even if they're wrong, the public will expect functions in PHP to replace the md5 functions. Just my 2 cents, I'm not even trying to start an argument here ;) Ron -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
