Maybe it's time to move up to MD6?

Apparently MD5 isn't good for uniquely identifying data any more. I didn't really read the article and don't understand all of it, but I think I get at least one of the implications.

"...there is the viewpoint of the relying party, i.e. the user downloading hashed or signed code who needs some guarantee that this software can be trusted. This relying party can not be sure anymore that the published hash value or the digital signature is valid for only the executable file he downloaded."


Post a Comment