On 02/07/2015 05:54, msk...@ansuz.sooke.bc.ca wrote: > If MD5 is necessary for compatibility with some existing standard, so be > it; but it's not secure anymore and it shouldn't be used in any new design > where there's a concern about possible deliberate tampering, as opposed to > accidental errors. SHA1 is deprecated, too. I think SHA256 is the > current "best practice."
Depends what you are using it for. Collisions are possible in MD5 so it's no longer suitable for cryptographic applications. Here, however, we are talking about avoiding the more prosaic issues of people having not-quite matching sources. (We are *not* talking about signing documents.) For the use case I have in mind MD5 will happily do the job. -- Joseph Wright -------------------------------------------------- Subscriptions, Archive, and List information, etc.: http://tug.org/mailman/listinfo/xetex
