I get … a reference? All I know about MD5 is that (1) it shows up in the same UNIX man page as sha1, (2) it’s a command in Macintosh UNIX, and (3) it’s a cryptographic hash.
MD5 isn’t very useful as a cryptographic hash these days. It’s not hard to find collisions for a given hash or create two plaintexts with the same hash. In fact, this has been used to create a rogue certificate authority. SHA-1 is looking pretty weak, but finding or constructing collisions with it is still infeasible.
To quote a certain BBC television presenter: oh, cock. Is there a better cryptographic hash than those two commonly available?
Edit: Let me clarify—of course they’re out there, but I was hoping to pick something which is very easy to find, install, and use among those interested. (Anything with a reputable website I could link to for Windows & UNIX downloads would be fine, I’m sure.)
ggreer@carbon:~$ echo “The quick brown fox jumps over the lazy dog” | shasum -a 224
62e514e536e4ed4633eeec99d60f97b4d95889227975d975b2ad0de3 -
ggreer@carbon:~$ echo “The quick brown fox jumps over the lazy dog” | shasum -a 512
a12ac6bdd854ac30c5cc5b576e1ee2c060c0d8c2bec8797423d7119aa2b962f7f30ce2e39879cbff0109c8f0a3fd9389a369daae45df7d7b286d7d98272dc5b1 -
Take a look at the shasum man pages for more parameters.
Yes − 10.5.8. With drop damage, so it’s not practical or economical to invest in an upgrade. (Am considering the purchase of a netbook as a replacement sometime in the unspecified probably-more-than-a-year-from-now future.)
MD5? Colluder!
I get … a reference? All I know about MD5 is that (1) it shows up in the same UNIX man page as sha1, (2) it’s a command in Macintosh UNIX, and (3) it’s a cryptographic hash.
I’m really just ripping off AngryParsley.
MD5 isn’t very useful as a cryptographic hash these days. It’s not hard to find collisions for a given hash or create two plaintexts with the same hash. In fact, this has been used to create a rogue certificate authority. SHA-1 is looking pretty weak, but finding or constructing collisions with it is still infeasible.
To quote a certain BBC television presenter: oh, cock. Is there a better cryptographic hash than those two commonly available?
Edit: Let me clarify—of course they’re out there, but I was hoping to pick something which is very easy to find, install, and use among those interested. (Anything with a reputable website I could link to for Windows & UNIX downloads would be fine, I’m sure.)
Yup. There’s SHA-2 and some other algorithms. Right now the NIST is holding a contest for SHA-3. It’s narrowed down to 14 candidates. The winner will be announced in 2012.
ETA: Really though, unless you’re some super-spy, SHA-1 should be good enough until stronger hashes become common.
I don’t even have SHA-2 on my computer—SHA-1 hash added to original comment.
shasum should support all the algorithms:
Take a look at the shasum man pages for more parameters.
Unfortunately, I don’t have shasum on my MacBook—I had to use openssl.
Are you using an earlier version of OS X? I’m on 10.6 and it looks like shasum comes with 10.6.
Yes − 10.5.8. With drop damage, so it’s not practical or economical to invest in an upgrade. (Am considering the purchase of a netbook as a replacement sometime in the unspecified probably-more-than-a-year-from-now future.)