
MD5 is dead - nickb
http://www.win.tue.nl/hashclash/SoftIntCodeSign/
======
mojuba
I think hashing your sequence twice with different salt suffixes will make it
much stronger, if not unbreakable for the next decade. Or am I missing
something?

So, for input sequence t, a better hash can be computed as

    md5(md5(t + salt1) + salt2)


Once computers get more powerful, just add one more step with saltN, and so on.

Upd: the length of t can be included in the calculation as well.

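As an added example (not from the thread), the published Wang et al. 2004 MD5 collision pair run through this construction with constructed salts: because MD5 is a Merkle-Damgård hash, both 128-byte inputs reach the same internal state, so any salt or length appended afterwards is hashed from that identical state and the outer digests still collide; only a salt placed before the input changes the result for this fixed pair.

```python
import hashlib

# Published MD5 collision pair (Wang et al., 2004): two different 128-byte
# inputs with the same MD5 digest, reproduced from the public test vector.
M1 = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70")
M2 = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70")


def md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()


def nested_suffix_salt(t: bytes, salt1: bytes, salt2: bytes) -> bytes:
    """The construction proposed above: md5(md5(t + salt1) + salt2)."""
    return md5(md5(t + salt1) + salt2)


def nested_with_length(t: bytes, salt1: bytes, salt2: bytes) -> bytes:
    """Same construction with len(t) mixed in, as in the 'Upd' note."""
    return md5(md5(t + salt1 + len(t).to_bytes(8, "little")) + salt2)


def prefix_salt(t: bytes, salt: bytes) -> bytes:
    """Salt in front of the data: the colliding blocks are no longer block-aligned."""
    return md5(salt + t)


def demo(salt1: bytes = b"salt-one", salt2: bytes = b"salt-two") -> dict:
    """Report, for each construction, whether M1 and M2 still collide.
    The salts are constructed values; any public salt behaves the same."""
    assert M1 != M2 and len(M1) == len(M2) == 128
    return {
        "plain_md5": md5(M1) == md5(M2),
        # Both inputs reach the same chaining state after their two blocks,
        # so salt1, the padding, the length and the outer md5 all agree.
        "nested_suffix_salt": nested_suffix_salt(M1, salt1, salt2)
        == nested_suffix_salt(M2, salt1, salt2),
        "nested_with_length": nested_with_length(M1, salt1, salt2)
        == nested_with_length(M2, salt1, salt2),
        # A prefix changes the starting state and alignment, so this fixed
        # pair no longer collides (holds only against a precomputed pair).
        "prefix_salt": prefix_salt(M1, salt1) == prefix_salt(M2, salt1),
    }
```

The prefix-salt result only defeats a pair that was computed in advance: with a public salt, an attacker who can compute chosen-prefix collisions (the technique described on the linked hashclash page) simply includes the salt in the chosen prefix, so no arrangement of MD5 calls restores collision resistance.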
------
cstejerean
Well, this is all good in theory, except that it requires the attacker to
modify both the good file and the bad file to make them have the same MD5.

This is a more interesting attack vector for things like attacking digital
signatures than untrusted binaries.

~~~
gojomo
If you can create matching hash pairs at will, the interesting attack in
binaries is to distribute one that acquires a trusted reputation under the
shared hash, then at a later date replace it with the problem one.

Not too bad of a risk if diverse hashes are often used and people promptly
move away from any hashes that demonstrate collisions; could be a nasty
surprise if the collision is privately discovered and sprung at an inopportune
moment, or people keep trusting an older hash after collisions start appearing
in the wild.

------
rms
SHA-1 it is, then. I wonder how long it will take the BitTorrent protocol to
switch.

~~~
utnick
SHA-1 will eventually be compromised, most likely.

Probably better to use SHA-1 and MD5 together; that way, even if both are
broken, it is very unlikely that an evil person will be able to create a
fake file that has the same SHA-1 AND MD5 hash as the real file.

~~~
dfranke
Just use SHA-2.

