[Full-disclosure] MD5 algorithm considered toxic (and harmful)

[coderman]

On Dec 1, 2007 5:06 AM, Kristian Erik Hermansen
<kristian.hermansen at gmail.com> wrote:
> [MD5 is dead like WEP]

yup.


> And since Chinese researchers have been
> attacking SHA-1 lately, should SHA-256 be considered the proper
> replacement?

SHA2 is good.  (so 256 or 512).  the design differs from SHA1 and
avoids the weaknesses being exploited against this hash func.

still, ~2^69 collision resistance for SHA1 is a world of security
better than MD5.  iMD5 is really dead, lingering only to feast on the
brains of the unawares...