On Friday, 17 January 2014 at 11:37:26 UTC, Kagamin wrote:
MD5 is good enough for most cases.

For any use where security isn't an actual concern, sure. If it's just to casually verify that a file transferred successfully (like an alternative to a checksum), then it's fine to use. But don't use it to secure anything against an attacker at this point.

AFAIK, Keccak uses weird bit fiddling. Wasn't it considered bad practice since DES, because specialized hardware would give a considerable speedup, which would help in brute force attacks?

Actually, the idea is that it _should_ be implemented in specialized hardware to make it faster. And improving brute force attacks in this manner will only provide a multiplicative increase in speed, and that's not a concern. The overall strategy of using brute force isn't going to be turned from infeasible to feasible because of that. It's still completely infeasible to find two different messages s.t. their SHA-3 hash is equal.
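Added illustration, not part of the thread: a small Python model of the argument above, showing that a constant-factor hardware speedup only subtracts log2(speedup) bits from the generic collision work, which matters at MD5's 64-bit birthday bound but leaves SHA3-256's 2^128 bound nowhere near reach (MD5 is in practice broken far more cheaply by cryptanalysis, so the generic bound overstates its real strength). The baseline hash rate and the 1e6x speedup are assumed figures chosen for the illustration.

```python
import math

# Constructed reference figures for the illustration (assumptions, not measurements):
# a commodity GPU rig doing 1e10 hash evaluations per second, with "specialized
# hardware" modelled as a further multiplicative speedup on top of that.
BASELINE_HASHES_PER_SECOND = 1e10
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def birthday_work_bits(digest_bits: int) -> float:
    """Generic collision search (birthday bound) costs about 2^(n/2) hash evaluations."""
    return digest_bits / 2


def preimage_work_bits(digest_bits: int) -> float:
    """Generic (second-)preimage search costs about 2^n hash evaluations."""
    return float(digest_bits)


def bits_gained_by_speedup(speedup: float) -> float:
    """A multiplicative speedup of s only removes log2(s) bits of effective work."""
    return math.log2(speedup)


def years_for_work(work_bits: float, hashes_per_second: float, speedup: float = 1.0) -> float:
    """Expected wall-clock years for 2^work_bits evaluations at the given rate times speedup."""
    evaluations = 2.0 ** work_bits
    return evaluations / (hashes_per_second * speedup) / SECONDS_PER_YEAR


def collision_feasibility(digest_bits: int, speedup: float = 1.0) -> dict:
    """Summarise generic collision cost before and after a constant-factor hardware speedup."""
    work = birthday_work_bits(digest_bits)
    return {
        "digest_bits": digest_bits,
        "work_bits": work,
        "effective_work_bits": work - bits_gained_by_speedup(speedup),
        "years_baseline": years_for_work(work, BASELINE_HASHES_PER_SECOND),
        "years_with_speedup": years_for_work(work, BASELINE_HASHES_PER_SECOND, speedup),
    }


if __name__ == "__main__":
    for name, bits in (("MD5", 128), ("SHA-256", 256), ("SHA3-256", 256), ("SHA3-512", 512)):
        r = collision_feasibility(bits, speedup=1e6)
        print(f"{name:9s} birthday work 2^{r['work_bits']:.0f}: "
              f"{r['years_baseline']:.3g} years at baseline, "
              f"{r['years_with_speedup']:.3g} years with 1e6x hardware "
              f"(effective 2^{r['effective_work_bits']:.1f})")
```

Run as a script to see that the same 1e6x factor takes MD5's generic bound from decades to minutes while SHA3-256 stays at roughly 1e15 years.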
