On Thu, 2 Jul 2015, Ross Moore wrote:
> MD5 sums are also required pieces of data with some of the modern PDF
> standards, such as PDF/A, PDF/UA, and especially whenever attachments
> are included. They are part of the bookkeeping data that can be used to
> ensure that embedded files are indeed what was intended, and have not
> been intercepted and changed by Malware.

If MD5 is necessary for compatibility with some existing standard, so be
it; but it's not secure anymore and it shouldn't be used in any new design
where there's a concern about possible deliberate tampering, as opposed to
accidental errors.  SHA1 is deprecated, too.  I think SHA256 is the
current "best practice."

-- 
Matthew Skala
msk...@ansuz.sooke.bc.ca                 People before principles.
http://ansuz.sooke.bc.ca/


--------------------------------------------------
Subscriptions, Archive, and List information, etc.:
  http://tug.org/mailman/listinfo/xetex
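Added example, not part of the original message or of any PDF tool: a Python sketch of the distinction drawn in the reply. The MD5 `/CheckSum` kept in a PDF embedded-file `/Params` dictionary is checked as bookkeeping, while integrity against deliberate changes is checked with a SHA-256 digest obtained separately from the file. The function names and the sample object are constructed for illustration, and the parser assumes an uncompressed stream with a direct `/Length`.

```python
import hashlib
import hmac
import re

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def build_embedded_file(payload: bytes) -> bytes:
    """Constructed sample: an uncompressed EmbeddedFile stream object whose
    /Params carries the 16-byte MD5 /CheckSum of the file bytes."""
    md5_hex = hashlib.md5(payload).hexdigest().upper()
    head = (f"1 0 obj\n<< /Type /EmbeddedFile /Length {len(payload)} "
            f"/Params << /Size {len(payload)} /CheckSum <{md5_hex}> >> >>\n"
            "stream\n").encode("ascii")
    return head + payload + b"\nendstream\nendobj\n"

# Matches only the simplified layout produced above (assumption).
_OBJ = re.compile(
    rb"/Length (\d+).*?/CheckSum <([0-9A-Fa-f]{32})>.*?stream\r?\n", re.S)

def check_embedded_file(obj: bytes, trusted_sha256_hex: str) -> dict:
    """Report the in-file MD5 check and the out-of-band SHA-256 check."""
    m = _OBJ.search(obj)
    if m is None:
        raise ValueError("no /Length and /CheckSum found")
    length = int(m.group(1))
    data = obj[m.end():m.end() + length]
    if len(data) != length:
        raise ValueError("stream shorter than /Length")
    stored_md5 = bytes.fromhex(m.group(2).decode("ascii"))
    trusted = bytes.fromhex(trusted_sha256_hex)
    return {
        # Catches accidental damage; anyone editing the file can rewrite it.
        "md5_bookkeeping_ok": hmac.compare_digest(
            hashlib.md5(data).digest(), stored_md5),
        # Compared against a digest the file itself does not carry.
        "sha256_trusted_ok": hmac.compare_digest(
            hashlib.sha256(data).digest(), trusted),
    }

if __name__ == "__main__":
    original = b"constructed attachment bytes"
    trusted = sha256_hex(original)
    print(check_embedded_file(build_embedded_file(original), trusted))
    # A replaced attachment with a freshly written /CheckSum still passes
    # the MD5 bookkeeping check but fails the trusted SHA-256 comparison.
    print(check_embedded_file(build_embedded_file(b"replaced bytes"), trusted))
```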