Musings - 8th December 2004

Slashdot mentioned today that MD5 To Be Considered Harmful Someday (PDF here).

I must admit, I was quite surprised by the way that the attack takes place. I'd always been under the impression that the collisions in the MD5 algorithm were collisions with data of vastly different sizes. Instead, it appears that it is possible to swap out chunks of a file to produce the same MD5 hash.
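The chunk-swapping behaviour follows from MD5's iterated structure: once two equal-length blocks drive the internal state to the same value, any data shared after them keeps the hashes equal. The sketch below is an added illustration, not code from the paper or from this post. It uses a toy hash with a 24-bit state (`toy_hash`, `compress` and `colliding_files` are names made up here) so that a colliding block turns up by brute force; it does not produce MD5 collisions.

```python
import hashlib
from itertools import count

STATE_BYTES = 3   # toy 24-bit chaining state (MD5 keeps 128 bits)
BLOCK = 8         # toy block size in bytes (MD5 uses 64)
IV = b"\x00" * STATE_BYTES

def compress(state, block):
    """Toy compression function: MD5(state || block), truncated to 24 bits."""
    return hashlib.md5(state + block).digest()[:STATE_BYTES]

def absorb(state, data):
    """Feed whole blocks through the compression function, one after another."""
    for i in range(0, len(data), BLOCK):
        state = compress(state, data[i:i + BLOCK])
    return state

def toy_hash(data):
    """Iterated hash with length padding, the same overall shape as MD5."""
    padded = data + b"\x80"
    padded += b"\x00" * (-len(padded) % BLOCK)
    padded += len(data).to_bytes(BLOCK, "big")
    return absorb(IV, padded)

def find_block_collision(state):
    """Birthday search: two different blocks that map `state` to the same value."""
    seen = {}
    for n in count():
        block = n.to_bytes(BLOCK, "big")
        out = compress(state, block)
        if out in seen:
            return seen[out], block
        seen[out] = block

def colliding_files(header, trailer):
    """Build two same-size files that differ in a single chunk after `header`."""
    if len(header) % BLOCK:
        raise ValueError("header must be a whole number of blocks")
    chunk_a, chunk_b = find_block_collision(absorb(IV, header))
    return header + chunk_a + trailer, header + chunk_b + trailer

if __name__ == "__main__":
    # Constructed sample input.
    f1, f2 = colliding_files(b"HEADER--", b"shared trailer bytes")
    print(f1 != f2, len(f1) == len(f2), toy_hash(f1).hex(), toy_hash(f2).hex())
```

The two files differ only in the one chunk after the header, and the trailer can be changed freely without breaking the collision.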

Thankfully, it appears that SHA1 (which I am quite surprised is a W3C specification) is not (yet) vulnerable to this attack. However, as was noted on Slashdot, by the entire way a hashing algorithm works, you expect there to be some collisions. If you want no collisions, then just use the raw binary data.

Also this morning, I came across an interesting post by Drew McLellan titled Mental Clarity. Anyone who has been involved in developing a project larger than "Hello World" knows what he is talking about. My response is here.