MD5 digests of very big files

Richard Gaskin ambassador at fourthworld.com
Tue Jun 29 16:30:06 CDT 2010


Alejandro Tejada wrote:

> My question is: Which other operations are needed in
> this quasiMD5 function to produce true MD5 digests
> of big files?

The MD5 algo is a great way for quick data validation for internal use, 
but for more serious use (like verifying a distro) I don't think anyone 
uses MD5 anymore - from Wikipedia:


   MD5 was designed by Ron Rivest in 1991 to replace an
   earlier hash function, MD4. In 1996, a flaw was found
   with the design of MD5. While it was not a clearly
   fatal weakness, cryptographers began recommending the
   use of other algorithms, such as SHA-1 (which has
   since been found also to be vulnerable). In 2004, more
   serious flaws were discovered, making further use of
   the algorithm for security purposes questionable.[3][4]
   In 2007 a group of researchers described how to create
   a pair of files that share the same MD5 checksum.[5]
   In an attack on MD5 published in December 2008, a group
   of researchers used this technique to fake SSL certificate
   validity.[6][7]  US-CERT of the U. S. Department of
   Homeland Security said MD5 "should be considered
   cryptographically broken and unsuitable for further
   use,"[8]  and most U.S. government applications will
   be required to move to the SHA-2 family of hash
   functions after 2010.[9]

<http://en.wikipedia.org/wiki/MD5>

I've seen some SHA-1 hashes in RevTalk, but nothing for SHA-2 - anyone 
know of one?

--
  Richard Gaskin
  Fourth World
  Rev training and consulting: http://www.fourthworld.com
  Webzine for Rev developers: http://www.revjournal.com
  revJournal blog: http://revjournal.com/blog.irv



More information about the use-livecode mailing list