On Wed, Sep 08, 2004 at 11:48:45PM +0100, Steve Kemp wrote: > If we're already going to go to the effort of hashing every > single file in the archive for MD5 ignoring SHA1 seems like > false economy.
Why don't you drop MD5 hashing? It's become cryptographically possible to generate a collision [1] on a known MD5 hash, so one can assume that a determined attacker will try very hard to find one, if someone relies on it. So if there's too much output, you might as well only use SHA-1. Simon [1] http://eprint.iacr.org/2004/199.pdf
