On Thu, Jul 2, 2015 at 12:09 PM, Joseph Wright < joseph.wri...@morningstar2.co.uk> wrote:
> On 02/07/2015 05:54, msk...@ansuz.sooke.bc.ca wrote: > > If MD5 is necessary for compatibility with some existing standard, so be > > it; but it's not secure anymore and it shouldn't be used in any new > design > > where there's a concern about possible deliberate tampering, as opposed > to > > accidental errors. SHA1 is deprecated, too. I think SHA256 is the > > current "best practice." > > Depends what you are using it for. Collisions are possible in MD5 so > it's no longer suitable for cryptographic applications. Here, however, > we are talking about avoiding the more prosaic issues of people having > not-quite matching sources. (We are *not* talking about signing > documents.) For the use case I have in mind MD5 will happily do the job. > Maybe your use case is enough at present, but the other use cases (some already mentioned) may become important in the future. It makes sense to implement MD5 in a way that anticipates future additions/enhancements. -- George N. White III <aa...@chebucto.ns.ca> Head of St. Margarets Bay, Nova Scotia
-------------------------------------------------- Subscriptions, Archive, and List information, etc.: http://tug.org/mailman/listinfo/xetex