On Tuesday, June 16 2015, Svetlana A. Tkachenko wrote:

> The Digest::MD5 module allows you to use the RSA Data Security
> Inc. MD5 Message Digest algorithm from within Perl programs. The
> algorithm takes as input a message of arbitrary length and produces as
> output a 128-bit "fingerprint" or "message digest" of the input.
>
> Note that the MD5 algorithm is not as strong as it used to be. It has
> since 2005 been easy to generate different messages that produce the
> same MD5 digest. It still seems hard to generate messages that produce
> a given digest, but it is probably wise to move to stronger algorithms
> for applications that depend on the digest to uniquely identify a
> message.
>
> The Digest::MD5 module provide a procedural interface for simple use,
> as well as an object oriented interface that can handle messages of
> arbitrary length and which can read files directly.

I can understand the reason for wanting this module packaged, but I am
also a bit concerned about providing more tools to "encourage" the use
of MD5.  As has been mentioned above, this algorithm is not strong and
contains several security flaws.

There's an interesting discussion going on the coreutils mailing list
about a possible substitute:

  <http://lists.gnu.org/archive/html/coreutils/2015-08/msg00031.html>

Anyway, my two cents.

-- 
Sergio
GPG key ID: 237A 54B1 0287 28BF 00EF  31F4 D0EB 7628 65FC 5E36
Please send encrypted e-mail if possible
http://sergiodj.net/

Reply via email to