SHA question
Peter Corlett
abuse at cabal.org.uk
Thu Jan 14 15:22:40 GMT 2010
On 14 Jan 2010, at 14:16, Mark Fowler wrote:
[...]
> I'd just use Digest::MD5 to calculate the filesize. It's cheap
> compared to SHA, you don't care about the exact cryptographic security
> of the hash, and will work even if you don't have the original to
> compare again.
I assume you wrote "filesize" when you meant "digest".
You should consider MD5 compromised unless you know for sure that your problem does not need to defend against the relatively low-effort birthday attack against it. At this point in time, you shouldn't be considering anything weaker than SHA-256 for new code.
Choosing the weak MD5 over SHA-256 because it's faster or produces a shorter key is just premature optimisation.
More information about the london.pm
mailing list