Hacker News new | past | comments | ask | show | jobs | submit login

Not only that but MD5 still doesn't have an effective preimage attack, so it is still good enough for things like hashing passwords or to check is someone else didn't tamper with your files.

Still, when it comes to security:

- MD5 is actually too fast for hashing passwords, but there is still no better way than bruteforce if you want to crack md5-hashed-salted passwords.

- Even if there is no effective preimage attack now, it is still not a good idea to use an algorithm with known weaknesses, especially if something better is available.

What MD5 is useless for is digital signature. Anyone can produce two different documents with the same MD5.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: