Friday, April 4, 2008

On Doug Crockford's MD5 hash suggestion

For those out of the loop, I'm referring to this and this.

Simon Willison dug up this neat intro to hash-related attacks that is well worth reading, especially if you're not too security-savvy. I blogged about this type of attack a few months ago here.

This whole discussion suggests two things to me: first, that it's dangerous to rely on technology you don't understand; and second, that it's time to start considering better hashing algorithms.


  1. I have never recommended use of MD5.

  2. Hmm, I was positive you said MD5. My mistake then. SHA-1 seems to be broken too and those two are arguably some of the most popular hashing algorithms. In any case, my critique is mostly about the use of hashing as a means of content authentication, not any one algorithm in particular.

    Imho, there are a lot of misconceptions surrounding the use of hashes, and one of the most common is that it's secure to use a hash to verify the authenticity of an arbitrarily large blob of publicly available raw data.

    Even for algorithms that are currently considered collision-detection-resistant, one can't simply ignore news like the one about Kraken, that mathematical calculations can be offloaded to now-more-mainstream-than-ever graphics cards and that every hashing algorithm is still crackable by brute force, if no better cracking algorithms are available.
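As an added illustration of the distinction drawn in the comment above (this is not code from the post or from either commenter): a digest published next to the content proves nothing about who produced it, because whoever can swap the content can swap the digest too; a digest obtained from a trusted channel, or a keyed MAC, does catch the swap. The sample content, the key and the `demo` scenario are constructed for this example.

```python
import hashlib
import hmac

# Hash functions the discussion above treats as broken for collision resistance.
WEAK_ALGORITHMS = {"md5", "sha1"}


def content_digest(data: bytes, algorithm: str = "sha256") -> str:
    """Hex digest of data; refuses algorithms with practical collision attacks."""
    if algorithm.lower() in WEAK_ALGORITHMS:
        raise ValueError(f"{algorithm} is not collision-resistant; use sha256 or stronger")
    return hashlib.new(algorithm, data).hexdigest()


def integrity_matches(data: bytes, published_digest: str, algorithm: str = "sha256") -> bool:
    """Integrity only: True if data hashes to published_digest (constant-time compare)."""
    return hmac.compare_digest(content_digest(data, algorithm), published_digest.lower())


def authenticity_matches(data: bytes, key: bytes, tag: str) -> bool:
    """Authenticity: only a holder of the secret key can produce a valid HMAC tag."""
    expected = hmac.new(key, data, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag.lower())


def demo() -> dict:
    """Constructed scenario: a publisher ships content plus its digest over one
    channel, and someone who controls that channel replaces both."""
    original = b"console.log('trusted script');"            # constructed sample content
    tampered = b"console.log('modified script');"           # constructed sample content
    key = b"constructed-demo-secret-key"                    # hypothetical shared secret

    # What the publisher intended to ship, and a MAC over it.
    trusted_digest = content_digest(original)
    trusted_tag = hmac.new(key, original, hashlib.sha256).hexdigest()

    # The replaced content arrives with a freshly computed digest of its own.
    replacement_digest = content_digest(tampered)
    return {
        # The check passes: digest and data came from the same untrusted place.
        "plain_hash_fooled": integrity_matches(tampered, replacement_digest),
        # A digest obtained out of band does detect the substitution.
        "out_of_band_hash_catches": not integrity_matches(tampered, trusted_digest),
        # Without the key, no valid tag exists for the replaced content.
        "mac_catches": not authenticity_matches(tampered, key, trusted_tag),
        "mac_accepts_original": authenticity_matches(original, key, trusted_tag),
    }
```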