in reply to Re: Why applying MD5 hash twice?
in thread Why applying MD5 hash twice?

Please don't ever use code like this, for several reasons:

  1. The code is obfuscated, and therefore the only point of it is to display the author's cleverness. It was not meant to be used as a library.
  2. Chances are, you don't understand it at a mere glance. Using code you don't understand can lead to "Cargo Cult Programming", which is a dangerous habit to fall into.
  3. Worse, since the code is (intentionally) difficult to read, it probably hasn't had any peer review. This code could have bugs or security holes. Encryption code that hasn't had some kind of intense peer evaluation should *NEVER EVER* be used.

If you want to use the SHA algorithm, please use Digest::SHA2 or Digest::SHA1.

Re: Re: Re: Why applying MD5 hash twice?
by shotgunefx (Parson) on Sep 09, 2003 at 21:51 UTC
    I agree with what you're saying, but to play devil's advocate, 2. could apply to a lot of people who use CPAN.

    -Lee

    "To be civilized is to deny one's nature."

      Yeah, you're right. Luckily, the author is Gisle Aas, and that's an author I trust. :)

        I'll second that.

        -Lee

        "To be civilized is to deny one's nature."
Re: Re: Re: Why applying MD5 hash twice?
by JackHammer (Acolyte) on Sep 10, 2003 at 04:03 UTC
    I would just like to make sure we are all clear that md5 is NOT an encryption algorithm, it is a hashing algorithm, and yes there is a big difference. But I do agree with you that encryption algorithms that have not had years of review should never be used.
Re: Re: Re: Why applying MD5 hash twice?
by wufnik (Friar) on Sep 10, 2003 at 17:04 UTC
    my purpose in posting the code was mainly to draw attention to what i considered an ingenious piece of code, and possibly also to the cypherspace site.

    the code would not be appropriate for use in another script mostly because of its obfuscated nature, but also because of the perl command line args that need to be used. apologies if this was unclear.

    Given this, I should say, the goal here is obviously art, sadly not mine. While i would not use the 3 line perl/bc RSA in anger, or the above SHA, or MD5 in 8 lines, more directly relevant, i still find them all a powerful demonstration of perl's beauty.

    thus the inclusion.

    ...wufnik

    -- in the world of the mules there are no rules --