Hacker News new | past | comments | ask | show | jobs | submit login

> Because a bunch of academics managed to create a collision after 2 weeks of trying on a beefed up machine? Really?

WTF?! Are you out of your mind? MD5 was exploited to falsify a real-world RapidSSL CA certificate... in 2008. MD5's weaknesses haven't been "academic" in years.

People reach for what they know, and most do not have the capacity to determine the security of cryptographic algorithms in any particular context. Getting them to stop using it at all is the surest way to get them to stop using it where it's critical.

> MD5 is much faster than SHA-2.

Largely irrelevant in today's world. Single-threaded, my two year old laptop runs over 125MB/sec through SHA256, and around 100MB/sec through SHA512. SHA-2 is not a major bottleneck.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact