MD5 digests of very big files

Bob Sneidar bobs at twft.com
Tue Jun 29 16:57:47 CDT 2010


Yes MD5 is supremely hackable, or should I say hashable. There are hash tables that contain the MD5 hash for an almost unlimited number of possible keys, and the algorithm is also easily crackable these days.

Bob


On Jun 29, 2010, at 2:30 PM, Richard Gaskin wrote:

> Alejandro Tejada wrote:
> 
>> My question is: Which other operations are needed in
>> this quasiMD5 function to produce true MD5 digests
>> of big files?
> 
> The MD5 algo is a great way for quick data validation for internal use, but for more serious use (like verifying a distro) I don't think anyone uses MD5 anymore - from Wikipedia:
> 
> 
>  MD5 was designed by Ron Rivest in 1991 to replace an
>  earlier hash function, MD4. In 1996, a flaw was found
>  with the design of MD5. While it was not a clearly
>  fatal weakness, cryptographers began recommending the
>  use of other algorithms, such as SHA-1 (which has
>  since been found also to be vulnerable). In 2004, more
>  serious flaws were discovered, making further use of
>  the algorithm for security purposes questionable.[3][4]
>  In 2007 a group of researchers described how to create
>  a pair of files that share the same MD5 checksum.[5]
>  In an attack on MD5 published in December 2008, a group
>  of researchers used this technique to fake SSL certificate
>  validity.[6][7]  US-CERT of the U. S. Department of
>  Homeland Security said MD5 "should be considered
>  cryptographically broken and unsuitable for further
>  use,"[8]  and most U.S. government applications will
>  be required to move to the SHA-2 family of hash
>  functions after 2010.[9]
> 
> <http://en.wikipedia.org/wiki/MD5>
> 
> I've seen some SHA-1 hashes in RevTalk, but nothing for SHA-2 - anyone know of one?
> 
> --
> Richard Gaskin
> Fourth World
> Rev training and consulting: http://www.fourthworld.com
> Webzine for Rev developers: http://www.revjournal.com
> revJournal blog: http://revjournal.com/blog.irv
> _______________________________________________
> use-revolution mailing list
> use-revolution at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-revolution




More information about the use-livecode mailing list