Having said that, your question lacks anything Perl specific. You've more chance of getting a useful answer in a more appropriate forum - md5 isn't language specific.

While not Perl specific huguei's question is most certainly Perl related. For example tons of people writing web-apps (which he refers to Apache so probably his case as well) are using MD5 for sessions. I'm sure there are tons of other uses in Perl. Besides, there's not an "MD5 monks" that I'm aware of, and while there may be some place else that has the answer there are certainly plenty of experts here (yourself included) that have it as well and I don't see why it is any less valid.

Also the post is helpful to people like me who had no knowledge of this vulnerability

My 2 cents

The problem with that reasoning is that someone else argues along the same lines. There are tons of people writing Windows applications, so we should discuss all Windows vulnerability here. However, the original post wasn't about warning us about a newly discovered vulnerability, it has been known for years. The original post was a question: what's that exploit?.

I fail to see how that's Perl related, or why this forum is an appropriate place to ask. The fact that there isn't an "MD5 monks" doesn't make this appropriate either. There are a billion things for which there's no "X monks", does that mean all questions about them should be asked here?

However, while there isn't an MD5 website in the same form as perlmonks, there is a whole lot of information about MD5 readily available on the web. For instance, at the website of the developers of the MD5 algorithm, RSA (www.rsasecurity.com). They have a FAQ, which discusses MD5 - and guess what? The FAQ discusses the vulnerabilities as well.

Abigail

Hi Abigail.
The reason that i posted this question here was cause the book that i was reading was written by Lincoln Stein and Doug MacEachern, and Stein is the perl CGI module creator.

Also, the book uses perl as programming language and, as cfreak notes, it's cgi-related.

I don't focuse my post in the warning of the vulnerability itself, because is well documented (for example, this post describes the solution)

So, i expected that some big perlmonger could give me some answers. That's all.

Having said that, your question lacks anything Perl specific. You've more chance of getting a useful answer in a more appropriate forum - md5 isn't language specific.

I agree with what Abigail-II said: you do have a better chance of getting a useful answer in another forum. However, what's the opinion of the Monks about OT posts to PM? I've always felt that one of the strengths of PM was not just the opinions regarding perl, but also the opinions regarding problem solving, sw design, experiences with X, etc.

Naturally it would be a shame to see PM flooded with non-perl noise and cease to become an excellent resource for perl programming... but does that mean we should exclude questions that aren't strictly related to the use of perl?

Also the following thread demonstrates that people here do enjoy sounding off about non-perl topics... I dunno if that reflects that Monks are chatty folks or something else.

Thoughts/recommendations? I recently did a writeup that was not strictly perl and was rewarded with 0 replies (as of 5pm EST yesterday), so it's certainly author beware. update: I got some replies after I went home. :) I just want to know if that kind of thing should be frowned upon (and those kinds of writeups not be approved by the Powers-That-Be).

AH