I think we should start moving away from MD5 as our main hash function. MD5 has known weaknesses, so that an attacker can quite possibly create two files, differing maybe in a single bit or in quite a few bytes, but having the same MD5 checksum. Also, 128 bits are starting to be in the range that can be attacked by brute force with a "birthday attack", which requires only about 2^64 operations. Check out comp.risks, 19.14 for one possible attack using this scheme. There may be others.
An attractive alternative would be RIPEMD-160. SHA-1, another alternative, has the main problem that its design parameters are secret. Source code for RIPEMD-160 is available, and the algorithm is in the public domain. For more information, you can check out http://www.esat.kuleuven.ac.be/~bosselae/ripemd160.html

--
Thomas Koenig, [EMAIL PROTECTED], [EMAIL PROTECTED]
The joy of engineering is to find a straight line on a double logarithmic diagram.
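The birthday bound the post cites (about 2^64 operations against a 128-bit digest) can be seen in miniature by running the same generic attack against a truncated digest. The following is an added example, not code from the post or from the RIPEMD-160 project: it searches for two distinct messages whose first 32 bits of MD5 agree, which takes on the order of 2^16 hash computations rather than the 2^32 a brute-force second-preimage search would need. It is a generic birthday search, not the MD5-specific structural attack the post alludes to. The messages b"msg-0", b"msg-1", ... are constructed inputs chosen so the run is deterministic, and the availability check for RIPEMD-160 in `hashlib` is an assumption about the local OpenSSL build.

```python
"""Birthday-attack demonstration on a truncated MD5 digest (added example)."""
import hashlib
import math
from typing import Optional, Tuple


def truncated_md5(data: bytes, bits: int) -> int:
    """Return the leading `bits` bits of MD5(data) as an integer.

    bits=128 gives the full digest; smaller values model a shorter hash so
    the birthday effect becomes visible in seconds.
    """
    digest = hashlib.md5(data).digest()
    return int.from_bytes(digest, "big") >> (128 - bits)


def expected_trials(bits: int) -> float:
    """Expected number of random inputs hashed before two share a `bits`-bit
    digest: roughly sqrt(pi/2 * 2^bits), i.e. on the order of 2^(bits/2).
    For bits=128 this is the ~2^64 figure quoted in the post."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


def birthday_collision(bits: int, limit: Optional[int] = None) -> Tuple[bytes, bytes, int]:
    """Find two distinct messages whose truncated MD5 digests collide.

    Inputs are the constructed strings b"msg-0", b"msg-1", ... so every run
    produces the same pair. Returns (message_a, message_b, hashes_computed).
    The cap `limit` is set far above the expected 2^(bits/2) so that hitting
    it is astronomically unlikely for the sizes used here.
    """
    if limit is None:
        limit = 64 * 2 ** (bits // 2)
    seen = {}  # truncated digest -> first message that produced it
    for i in range(limit):
        msg = b"msg-%d" % i
        h = truncated_md5(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg
    raise RuntimeError("no collision found within limit")


def ripemd160_available() -> bool:
    """Whether the local OpenSSL exposes RIPEMD-160 through hashlib.
    Assumption: depends on the OpenSSL build; some builds move it to the
    legacy provider, so treat False as 'not here', not 'does not exist'."""
    try:
        hashlib.new("ripemd160")
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    bits = 32
    a, b, n = birthday_collision(bits)
    print(f"collision on {bits}-bit truncated MD5 after {n} hashes "
          f"(expected ~{expected_trials(bits):.0f}, brute force ~{2 ** bits})")
    print(f"  {a!r}: {hashlib.md5(a).hexdigest()}")
    print(f"  {b!r}: {hashlib.md5(b).hexdigest()}")
    print(f"full 128-bit MD5 birthday bound: ~2^{math.log2(expected_trials(128)):.1f} hashes")
    print(f"ripemd160 in hashlib: {ripemd160_available()}")
```

Raising `bits` by two roughly doubles the running time, which is the practical content of the 2^(n/2) figure: a 160-bit digest such as RIPEMD-160 or SHA-1 pushes the generic birthday bound to about 2^80, and only a structural weakness in the function itself brings it back down.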