A Geek Raised by Wolves

Being Unreasonable About MD5 [Aug. 24th, 2012|08:59 am]

Yesterday Jon Stewart asked an open question as to whether it would be reasonable to use MD5 as an equality test: to test whether two inputs A and B are equal, compute the MD5 hashes H(A) and H(B), and if H(A) == H(B), assume A == B. On its face this is not a bad assumption, as the odds of two randomly chosen distinct inputs having the same 128-bit MD5 hash are vanishingly small (about 1 in 2^128 for any given pair).

I strongly recommend against using such a system, however, because of the weakness of the MD5 algorithm.

People have talked about and demonstrated, repeatedly, that MD5 is broken, and not just in the theoretical sense: a netbook can generate MD5 collisions in just a few seconds. That matters for an equality test because the danger is not an accidental collision but a crafted one. Whoever controls the inputs can produce two different values A and B with H(A) == H(B), and the test then reports them as equal.

Continuing to use MD5 when there are other ready alternatives is lazy at best and irresponsible at worst. The SHA-2 family of hashes can be used as a drop-in replacement for MD5 (only the digest length changes, so any fixed-width storage for the hash has to grow), as can Whirlpool, Tiger, or any of the SHA-3 finalists [1].
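As an added worked example (not part of the original post, and not Hashdeep code), the following Python runs the digest-equality test from the first paragraph under both MD5 and SHA-256 against the two 128-byte messages published by Wang et al. in 2004, which are distinct but share an MD5 hash. It also appends the same suffix to both messages to show that one published pair turns into unboundedly many colliding files without any further work, which is why "it would take effort to exploit" is not a defence. The function and variable names are this example's own.

```python
import hashlib
import hmac

# Two distinct 128-byte messages published by Wang et al. (2004) that collide
# under MD5. They differ in six bytes. These are published test vectors, not
# data generated for this post.
_M0 = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70"
)
_M1 = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70"
)
COLLISION_PAIR = (_M0, _M1)


def hash_equal(a: bytes, b: bytes, algorithm: str = "md5") -> bool:
    """The equality test under discussion: compare digests, not inputs.

    compare_digest keeps the comparison itself from leaking timing
    information; it does nothing about the collision weakness of the hash.
    """
    ha = hashlib.new(algorithm, a).digest()
    hb = hashlib.new(algorithm, b).digest()
    return hmac.compare_digest(ha, hb)


def differing_offsets(a: bytes, b: bytes) -> list:
    """Byte offsets at which two equal-length inputs differ."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


def demonstrate(a: bytes, b: bytes, suffix: bytes = b"") -> dict:
    """Run the test under MD5 and SHA-256 on a and b, optionally with the
    same suffix appended to both.

    MD5 is a Merkle-Damgard hash and the Wang pair collides in the internal
    state after its two blocks, so anything appended to both messages keeps
    the MD5 digests equal: one collision pair yields arbitrarily many.
    """
    a2, b2 = a + suffix, b + suffix
    return {
        "inputs_equal": a2 == b2,
        "md5_says_equal": hash_equal(a2, b2, "md5"),
        "sha256_says_equal": hash_equal(a2, b2, "sha256"),
    }


if __name__ == "__main__":
    m0, m1 = COLLISION_PAIR
    print("inputs differ at byte offsets:", differing_offsets(m0, m1))
    print("bare pair:    ", demonstrate(m0, m1))
    # Constructed suffix: stands in for "the rest of the document".
    print("with a suffix:", demonstrate(m0, m1, b"\n-- trailer appended to both --\n"))
    print("md5    :", hashlib.md5(m0).hexdigest(), hashlib.md5(m1).hexdigest())
    print("sha256 :", hashlib.sha256(m0).hexdigest(), hashlib.sha256(m1).hexdigest())
```

Running it shows MD5 reporting the two different inputs as equal, with and without the suffix, while SHA-256 correctly reports them as different. Switching the `algorithm` argument is the entire change needed to move the equality test off MD5.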

Sure, it would be reasonable to use MD5 for Jon's application. But to paraphrase George Bernard Shaw [2], we must be unreasonable if we expect to see any changes. I have made a commitment to be unreasonable on this matter. I will no longer use or condone the use of MD5 in new systems. I urge you to do this as well.

Jon, please use an algorithm in the SHA-2 family or, if you can wait for a little while, SHA-3. I will, of course, write a sha3deep for the Hashdeep suite when it's published. But if you need something to use in the short-term I would be willing to help you out!

[1] The National Institute of Standards and Technology has selected five SHA-3 finalist algorithms: BLAKE, Grøstl, JH, Keccak, and Skein. http://csrc.nist.gov/groups/ST/hash/sha-3/index.html

[2] "The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man." — George Bernard Shaw.

