Jim Michaels wrote:
The following bug has been logged online:
Bug reference: 4876
Logged by: Jim Michaels
Email address: jmich...@yahoo.com
PostgreSQL version: 8.3.7-1
Operating system: windows XP Pro SP3
Description: author of MD5 says it's seriously broken - hash
collision resistance problems
Details:
If you are looking for hash collision protection, start looking at SHA-256
or SHA-512.
I personally avoid using sha256 and sha512 because they have proven to be cpu
hogs, profilers show them sucking the life out of my applications ... adding
large amounts of latency. If you use these, make sure their use is rather
small; ie. not for lots of files or blobs.
If you realy need good collision detection, I would recommend combining two
algorithms into a single hash, like crc32+md5 or md5+sha1. The chances of a
collision on both algorithms on the same message becomes far more unlikely.
Also, they end up being more efficient than sha256 by itself.
--
Andrew Chernow
eSilo, LLC
every bit counts
http://www.esilo.com/
--
Sent via pgsql-bugs mailing list (pgsql-bugs@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-bugs
