"I don't know if you guys have been keeping up with current events, but MD5 just got its ass kicked!" - with apologies to Private Hudson
It's been known for some time in the crypto world that MD5 is weak, that there are shortcuts to finding hash collisions. Recently, that weakness has turned into a full-fledged failure: it is now possible to quickly and easily craft two very different files with identical MD5 hashes.

MD5 is dead. Don't use it.

Similarly, we should avoid SHA-1 for any permanent purpose, though in the short term it's not quite dead yet. No one has demonstrated an ability to create SHA-1 collisions on demand (as far as I've heard, anyway), but SHA-1 is "a wounded fish in shark-infested waters"[*], and an MD5-scale failure may be just a matter of time.

So what should we use for hashing? Two good choices I know of:

* The SHA-2 family (including SHA-256 and other variants) is showing no signs of weakness AFAIK.
* Whirlpool [**] seems strong enough too; Bruce Schneier describes it as "a good choice".

Ah, crypto is such fun.

[*] http://www.networkworld.com/news/2005/110105-nist-crypto.html
[**] http://paginas.terra.com.br/informatica/paulobarreto/WhirlpoolPage.html

-- 
Chip Salzenberg <[EMAIL PROTECTED]>
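As an added example (not part of Chip's post), a small Python checker that turns the post's advice into a verification policy for a hash manifest: MD5 entries are refused outright, SHA-1 entries are verified but flagged, and SHA-2 entries are accepted. The manifest format, the tier names, the sample files and the function names are this example's own constructions; Whirlpool is left out only because hashlib support for it depends on the local OpenSSL build.

```python
import hashlib
import hmac

# Policy tiers derived from the post (names are this example's own):
BROKEN = {"md5"}                           # collisions craftable on demand: refuse
DEPRECATED = {"sha1"}                      # "wounded": verify, but flag it
ACCEPTED = {"sha256", "sha384", "sha512"}  # SHA-2 family

def classify(algo: str) -> str:
    """Map a digest algorithm name onto the post's three tiers."""
    a = algo.lower()
    if a in BROKEN:
        return "broken"
    if a in DEPRECATED:
        return "deprecated"
    return "ok" if a in ACCEPTED else "unknown"

def verify_manifest(manifest: str, files: dict) -> list:
    """Check '<algo>:<hexdigest>  <name>' lines against file bytes.

    Broken or unknown algorithms are rejected before any digest is computed,
    so a forged MD5 entry can never report 'match'. Returns (name, algo, verdict).
    """
    results = []
    for line in manifest.strip().splitlines():
        spec, name = line.split(None, 1)
        algo, expected = spec.split(":", 1)
        tier = classify(algo)
        if tier in ("broken", "unknown"):
            results.append((name, algo, "rejected-" + tier))
            continue
        actual = hashlib.new(algo, files[name]).hexdigest()
        verdict = "match" if hmac.compare_digest(actual, expected) else "MISMATCH"
        if tier == "deprecated":
            verdict += "-deprecated-algo"
        results.append((name, algo, verdict))
    return results

def demo() -> list:
    """Constructed sample: three files, one modified after the manifest was written."""
    files = {"notes.txt": b"meeting at noon\n", "build.sh": b"#!/bin/sh\nmake\n",
             "README": b"read me\n"}
    manifest = "\n".join([
        "md5:" + hashlib.md5(files["notes.txt"]).hexdigest() + "  notes.txt",
        "sha1:" + hashlib.sha1(files["build.sh"]).hexdigest() + "  build.sh",
        "sha256:" + hashlib.sha256(files["README"]).hexdigest() + "  README",
    ])
    files["README"] = b"read me\nextra line\n"   # change after manifest creation
    return verify_manifest(manifest, files)
```

Running demo() yields a rejected MD5 entry, a SHA-1 match carrying a deprecation flag, and a SHA-256 MISMATCH for the modified file.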