Re: Re: Why applying MD5 hash twice?

Having said that, your question lacks anything Perl specific. You've more chance of getting a useful answer in a more appropriate forum - md5 isn't language specific.

While not Perl specific huguei's question is most certainly Perl related. For example tons of people writing web-apps (which he refers to Apache so probably his case as well) are using MD5 for sessions. I'm sure there are tons of other uses in Perl. Besides, there's not an "MD5 monks" that I'm aware of, and while there may be some place else that has the answer there are certainly plenty of experts here (yourself included) that have it as well and I don't see why it is any less valid.

Also the post is helpful to people like me who had no knowledge of this vulnerability

My 2 cents

Lobster Aliens Are attacking the world!

Comment on Re: Re: Why applying MD5 hash twice?

Replies are listed 'Best First'.
Re: Why applying MD5 hash twice? by Abigail-II (Bishop) on Sep 09, 2003 at 20:47 UTC
The problem with that reasoning is that someone else argues along the same lines. There are tons of people writing Windows applications, so we should discuss all Windows vulnerability here. However, the original post wasn't about warning us about a newly discovered vulnerability, it has been known for years. The original post was a question: what's that exploit?. I fail to see how that's Perl related, or why this forum is an appropriate place to ask. The fact that there isn't an "MD5 monks" doesn't make this appropriate either. There are a billion things for which there's no "X monks", does that mean all questions about them should be asked here? However, while there isn't an MD5 website in the same form as perlmonks, there is a whole lot of information about MD5 readily available on the web. For instance, at the website of the developers of the MD5 algorithm, RSA (www.rsasecurity.com). They have a FAQ, which discusses MD5 - and guess what? The FAQ discusses the vulnerabilities as well. Abigail	[reply]
Re: Re: Why applying MD5 hash twice? by huguei (Scribe) on Sep 09, 2003 at 23:40 UTC
Hi Abigail. The reason that i posted this question here was cause the book that i was reading was written by Lincoln Stein and Doug MacEachern, and Stein is the perl CGI module creator. Also, the book uses perl as programming language and, as cfreak notes, it's cgi-related. I don't focuse my post in the warning of the vulnerability itself, because is well documented (for example, this post describes the solution) So, i expected that some big perlmonger could give me some answers. That's all.	[reply]