SHA question

Peter Corlett abuse at
Thu Jan 14 15:22:40 GMT 2010

On 14 Jan 2010, at 14:16, Mark Fowler wrote:
> I'd just use Digest::MD5 to calculate the filesize.  It's cheap
> compared to SHA, you don't care about the exact cryptographic security
> of the hash, and will work even if you don't have the original to
> compare again.

I assume you wrote "filesize" when you meant "digest".

You should consider MD5 compromised unless you know for sure that your problem does not need to defend against the relatively low-effort birthday attack against it. At this point in time, you shouldn't be considering anything weaker than SHA-256 for new code.

Choosing the weak MD5 over SHA-256 because it's faster or produces a shorter key is just premature optimisation.

More information about the mailing list