lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

For those who have not kept track of developments in cryptography lately:

The MD5 and SHA1 algorithms are both vulnerable to collision attacks faster than brute force, in the case of MD5 the attack only takes hours on a desktop machine. A collision attack is an attack that finds strings a, b where a ~= b but hash(a) == hash(b). 

This may or may not be a problem depending on what you use these algorithms for, and how you use them. If you are digitally signing strings provided by others it is a problem, because your signature matches more than one string.

I have a Lua module that implements SHA-256 for anyone that wants it. I have only tested it on Mac OS X, but it should work anywhere, and it comes with a
Lua program that validates the module. I'm using the same license as Lua 5.1.

On May 8, 2007, at 8:19 PM, Andre Carregal wrote:

MD5 offers basic cryptographic facilities for Lua 5.1: a hash (digest)
function, and a pair crypt/decrypt.

Version 1.0.2 is compatible with Lua 5.1.

MD5 is part of the Kepler Project and can be found at

MD5 is free software and uses the same license as Lua 5.1.

Any comments and feedback are welcome.


Gé Weijers