On Thursday 08 Mar 2007, Ben Doom wrote: > MD5 is an older standard. I don't remember what it stands for. It is > still widely used for signing things like software downloads (look for > it where you download Linux CDs or on Sourceforge). It is not secure > the same way the lock on my door isn't secure -- it's defeatable, but > it's a good deterrent.
It's not defeatable in any useful sense. If I give you a file, you can't change it to some other file of your choosing (optionally plus lots of random data on the end) and have the MD5 hash match. There was some excitement over two PDF files that had the same hash but different content, but the initial content had to be well chosen. Likewise, if I give you a MD5 hash of my password, you can't tell me what my password is. Still, I think the advice is that new build systems should use SHA<large number> where possible. -- Tom Chiverton Helping to quickly syndicate exceptional data On: http://thefalken.livejournal.com **************************************************** This email is sent for and on behalf of Halliwells LLP. Halliwells LLP is a limited liability partnership registered in England and Wales under registered number OC307980 whose registered office address is at St James's Court Brown Street Manchester M2 2JF. A list of members is available for inspection at the registered office. Any reference to a partner in relation to Halliwells LLP means a member of Halliwells LLP. Regulated by the Law Society. CONFIDENTIALITY This email is intended only for the use of the addressee named above and may be confidential or legally privileged. If you are not the addressee you must not read it and must not use any information contained in nor copy it nor inform any person other than Halliwells LLP or the addressee of its existence or contents. If you have received this email in error please delete it and notify Halliwells LLP IT Department on 0870 365 8008. For more information about Halliwells LLP visit www.halliwells.com. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Create robust enterprise, web RIAs. Upgrade & integrate Adobe Coldfusion MX7 with Flex 2 http://www.adobe.com/products/coldfusion/flex2/ Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:272127 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4