MD5 digests of very big files
ambassador at fourthworld.com
Tue Jun 29 16:30:06 CDT 2010
Alejandro Tejada wrote:
> My question is: Which other operations are needed in
> this quasiMD5 function to produce true MD5 digests
> of big files?
The MD5 algo is a great way for quick data validation for internal use,
but for more serious use (like verifying a distro) I don't think anyone
uses MD5 anymore - from Wikipedia:
MD5 was designed by Ron Rivest in 1991 to replace an
earlier hash function, MD4. In 1996, a flaw was found
with the design of MD5. While it was not a clearly
fatal weakness, cryptographers began recommending the
use of other algorithms, such as SHA-1 (which has
since been found also to be vulnerable). In 2004, more
serious flaws were discovered, making further use of
the algorithm for security purposes questionable.
In 2007 a group of researchers described how to create
a pair of files that share the same MD5 checksum.
In an attack on MD5 published in December 2008, a group
of researchers used this technique to fake SSL certificate
validity. US-CERT of the U. S. Department of
Homeland Security said MD5 "should be considered
cryptographically broken and unsuitable for further
use," and most U.S. government applications will
be required to move to the SHA-2 family of hash
functions after 2010.
I've seen some SHA-1 hashes in RevTalk, but nothing for SHA-2 - anyone
know of one?
Rev training and consulting: http://www.fourthworld.com
Webzine for Rev developers: http://www.revjournal.com
revJournal blog: http://revjournal.com/blog.irv
More information about the use-livecode