Alejandro Tejada wrote:
My question is: Which other operations are needed in
this quasiMD5 function to produce true MD5 digests
of big files?
The MD5 algo is a great way for quick data validation for internal use,
but for more serious use (like verifying a distro) I don't think anyone
uses MD5 anymore - from Wikipedia:
MD5 was designed by Ron Rivest in 1991 to replace an
earlier hash function, MD4. In 1996, a flaw was found
with the design of MD5. While it was not a clearly
fatal weakness, cryptographers began recommending the
use of other algorithms, such as SHA-1 (which has
since been found also to be vulnerable). In 2004, more
serious flaws were discovered, making further use of
the algorithm for security purposes questionable.[3][4]
In 2007 a group of researchers described how to create
a pair of files that share the same MD5 checksum.[5]
In an attack on MD5 published in December 2008, a group
of researchers used this technique to fake SSL certificate
validity.[6][7] US-CERT of the U. S. Department of
Homeland Security said MD5 "should be considered
cryptographically broken and unsuitable for further
use,"[8] and most U.S. government applications will
be required to move to the SHA-2 family of hash
functions after 2010.[9]
<http://en.wikipedia.org/wiki/MD5>
I've seen some SHA-1 hashes in RevTalk, but nothing for SHA-2 - anyone
know of one?
--
Richard Gaskin
Fourth World
Rev training and consulting: http://www.fourthworld.com
Webzine for Rev developers: http://www.revjournal.com
revJournal blog: http://revjournal.com/blog.irv
_______________________________________________
use-revolution mailing list
[email protected]
Please visit this url to subscribe, unsubscribe and manage your subscription
preferences:
http://lists.runrev.com/mailman/listinfo/use-revolution
