Re: [ANN] MD5 1.0.2 Released

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: [ANN] MD5 1.0.2 Released
From: Gé Weijers <ge@...>
Date: Wed, 9 May 2007 07:08:09 -0400

For those who have not kept track of developments in cryptography lately:

The MD5 and SHA1 algorithms are both vulnerable to collision attacks faster than brute force, in the case of MD5 the attack only takes hours on a desktop machine. A collision attack is an attack that finds strings a, b where a ~= b but hash(a) == hash(b).

This may or may not be a problem depending on what you use these algorithms for, and how you use them. If you are digitally signing strings provided by others it is a problem, because your signature matches more than one string.

I have a Lua module that implements SHA-256 for anyone that wants it. I have only tested it on Mac OS X, but it should work anywhere, and it comes with a

Lua program that validates the module. I'm using the same license as Lua 5.1.

Gé

On May 8, 2007, at 8:19 PM, Andre Carregal wrote:

MD5 offers basic cryptographic facilities for Lua 5.1: a hash (digest)
function, and a pair crypt/decrypt.

Version 1.0.2 is compatible with Lua 5.1.

MD5 is part of the Kepler Project and can be found at
http://www.keplerproject.org/md5

MD5 is free software and uses the same license as Lua 5.1.

Any comments and feedback are welcome.

André

Gé Weijers

ge@weijers.org

Follow-Ups:
- RE: [ANN] MD5 1.0.2 Released (OT), Richter, Jörg

References:
- [ANN] MD5 1.0.2 Released, Andre Carregal

Prev by Date: Re: Lua DLL name (Was: [ANN] LuaODE 0.3)
Next by Date: RE: [ANN] MD5 1.0.2 Released (OT)
Previous by thread: [ANN] MD5 1.0.2 Released
Next by thread: RE: [ANN] MD5 1.0.2 Released (OT)
Index(es):
- Date
- Thread