However, I suspect that the exploit did not require different length strings
I saw two messages produced using the weakness, and they had the same length.
Now for the question of what counts as a "good" hash. MD5 apparently is not it.
Some uses would not be affected by its vulnerability. For example, password hashing would not be affected, since finding a message that has a given hash hasn't been broken. Yet. Attacks only get better.
Due to concerns about "collision resistance", the US Government has deprecated even SHA1 with the intent of requiring all federal agencies to use only SHA2 by 2010
I believe SHA-2 (aka SHA-224, SHA-256, SHA-384 and SHA-512) is also related to MD5 and SHA-1, but the attack against MD5 hasn't been shown to be feasible against SHA-2 yet.
In light of these attacks and the lack of alternatives to this family of hashes, NIST launched a search to find a new hashing algorithm, to be dubbed SHA-3.
Where SHA-2 favours 32-bit processors, SHA-3 will favour 64-bit processors.
In reply to Re^2: (OT)Speculation: 128-bit digest + 64-bit length (192-bits) is more reliable and unique than a 256-digest alone.
by ikegami
in thread (OT)Speculation: 128-bit digest + 64-bit length (192-bits) is more reliable and unique than a 256-digest alone.
by BrowserUk
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |