|For those who have not kept track of developments in cryptography lately:|
The MD5 and SHA1 algorithms are both vulnerable to collision attacks faster than brute force, in the case of MD5 the attack only takes hours on a desktop machine. A collision attack is an attack that finds strings a, b where a ~= b but hash(a) == hash(b).
This may or may not be a problem depending on what you use these algorithms for, and how you use them. If you are digitally signing strings provided by others it is a problem, because your signature matches more than one string.
I have a Lua module that implements SHA-256 for anyone that wants it. I have only tested it on Mac OS X, but it should work anywhere, and it comes with a
Lua program that validates the module. I'm using the same license as Lua 5.1.
On May 8, 2007, at 8:19 PM, Andre Carregal wrote: