On Friday, 17 January 2014 at 13:11:57 UTC, Chris Cain wrote:
On Friday, 17 January 2014 at 11:37:26 UTC, Kagamin wrote:
MD5 is good enough for most cases.

For any use where security isn't an actual concern, sure. If it's just to casually verify that a file transferred successfully (like an alternative to a checksum), then it's fine to use. But don't use it to secure anything against an attacker at this point.

There's no successful preimage attack on MD5, which is the only deadly attack on a hash function. SHA3 is just more convenient than MD5 because when you want to change the hash function, you don't have to ditch the whole system, only change its parameters.

AFAIK, keccak uses weird bit fiddling. Wasn't it considered a bad practice since DES because specialized hardware would give a considerable speedup, which will help in brute force attacks?

Actually, the idea is that it _should_ be implemented in specialized hardware to make it faster.

That's rather inconvenient, that you can't have an efficient implementation of the algorithm on common hardware. The MD5 family has no such flaw.

And improving brute force attacks in this manner will only provide a multiplicative increase in speed, and that's not a concern. The overall strategy of using brute force isn't going to be turned from infeasible to feasible because of that. It's still completely infeasible to find two different messages s.t. their SHA-3 hash is equal.

You assume that Moore's law doesn't and won't work. Write asserts for assumptions.
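An added illustration of the two points argued above (preimage versus collision resistance, and why a hardware or Moore's-law speedup is only multiplicative); this is not code from the thread. It uses truncated SHA3-256 digests as a toy reduced-size hash so the birthday bound is visible at 16 bits, and the "target message" and counter messages are constructed inputs.

```python
import hashlib
import math

def truncated_digest(data: bytes, bits: int, algo: str = "sha3_256") -> int:
    """First `bits` bits of the digest as an int: a toy reduced-size hash."""
    h = hashlib.new(algo, data).digest()
    return int.from_bytes(h, "big") >> (len(h) * 8 - bits)

def find_collision(bits: int, algo: str = "sha3_256"):
    """Birthday search: hash counter messages until any two digests match.
    Returns (trials, msg_a, msg_b); expected trials ~ sqrt(pi/2 * 2^bits)."""
    seen = {}
    i = 0
    while True:
        m = i.to_bytes(8, "big")  # constructed counter message, all distinct
        d = truncated_digest(m, bits, algo)
        if d in seen:
            return i + 1, seen[d], m
        seen[d] = m
        i += 1

def find_preimage(target: int, bits: int, algo: str = "sha3_256", limit: int = 1 << 22):
    """Search counter messages for one hashing to `target` (a second preimage).
    Returns (trials, msg), or (limit, None) if the budget runs out.
    Expected trials ~ 2^bits, i.e. the square of the collision cost."""
    for i in range(limit):
        m = i.to_bytes(8, "big")
        if truncated_digest(m, bits, algo) == target:
            return i + 1, m
    return limit, None

def expected_work(bits: int):
    """Rule-of-thumb trial counts: (collision, preimage)."""
    return math.sqrt(math.pi / 2 * 2 ** bits), 2.0 ** bits

def bits_removed_by_speedup(speedup: float) -> float:
    """A k-fold faster attacker (ASICs, Moore's law) only shaves log2(k) bits
    off the effective security level; the exponent is what decides feasibility."""
    return math.log2(speedup)

if __name__ == "__main__":
    n = 16
    trials, a, b = find_collision(n)
    print(f"{n}-bit collision after {trials} trials (expected ~{expected_work(n)[0]:.0f})")
    target = truncated_digest(b"constructed target message", n)  # constructed input
    trials, m = find_preimage(target, n)
    print(f"{n}-bit preimage after {trials} trials (expected ~{expected_work(n)[1]:.0f})")
    print(f"1000x faster hardware removes only {bits_removed_by_speedup(1000):.1f} bits")
```

At the full 256-bit output the same arithmetic gives roughly 2^128 collision trials and 2^256 preimage trials, which is why a constant-factor speedup does not change the answer.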
