JP Vossen on 25 Mar 2014 13:28:05 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] check for a file being transmitted via ftp

On 03/25/2014 04:23 PM, Matt Mossholder wrote:
Unless you are trying to prove something hasn't been -maliciously- altered,
MD5 is more than adequate. It is perfectly fine to use MD5 for detecting
transmission errors.

That is part of the reason that attack indicators are frequently posted as
MD5s... in the extremely unlikely event that there happens to be a
collision, the impact is pretty negligible.

Totally true. But... There is also no reason not to get into a better habit.

	Do not use the MD5 algorithm
Software developers, Certification Authorities, website owners, and users should avoid using the MD5 algorithm in any capacity. As previous research has demonstrated, it should be considered cryptographically broken and unsuitable for further use.

JP Vossen, CISSP            |:::======|
My Account, My Opinions     |=========|
"Microsoft Tax" = the additional hardware & yearly fees for the add-on
software required to protect Windows from its own poorly designed and
implemented self, while the overhead incidentally flattens Moore's Law.
Philadelphia Linux Users Group         --
Announcements -
General Discussion  --