JP Vossen on 25 Mar 2014 13:28:05 -0700 |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
Re: [PLUG] check for a file being transmitted via ftp |
On 03/25/2014 04:23 PM, Matt Mossholder wrote:
Unless you are trying to prove something hasn't been -maliciously- altered, MD5 is more than adequate. It is perfectly fine to use MD5 for detecting transmission errors. That is part of the reason that attack indicators are frequently posted as MD5s... in the extremely unlikely event that there happens to be a collision, the impact is pretty negligible.
Totally true. But... There is also no reason not to get into a better habit.
Per http://www.kb.cert.org/vuls/id/836068 Do not use the MD5 algorithmSoftware developers, Certification Authorities, website owners, and users should avoid using the MD5 algorithm in any capacity. As previous research has demonstrated, it should be considered cryptographically broken and unsuitable for further use.
Later, JP ----------------------------|:::======|------------------------------- JP Vossen, CISSP |:::======| http://bashcookbook.com/ My Account, My Opinions |=========| http://www.jpsdomain.org/ ----------------------------|=========|------------------------------- "Microsoft Tax" = the additional hardware & yearly fees for the add-on software required to protect Windows from its own poorly designed and implemented self, while the overhead incidentally flattens Moore's Law. ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug