FROM : Michael Ash
DATE : Wed Apr 02 18:28:49 2008
On Wed, Apr 2, 2008 at 12:19 PM, John Stiles <<email_removed>> wrote:
> I take it all back; in 2007 there was an MD5 attack discovered which
> actually allows for completely different binaries that sign the same. Check
> Wikipedia for the details, but basically MD5 is totally broken now. Wow,
> times change!!
>
> SHA-1 it is, if security is a concern.
While SHA-1 has not yet been broken, there are worrying signs. Related
and weakened versions have been broken, SHA-1 itself has been "broken"
by algorithms which are still impractically expensive but much cheaper
than brute force, and it's generally accepted that the full SHA-1 is
just a matter of time. It's premature to start ripping SHA-1 out of
existing code, but if you are writing new code for which security is a
concern, it's best to start using one of the SHA-2 family of hashes.
Mike






Cocoa mail archive

