The review of std.hash package
ReneSac
reneduani at yahoo.com.br
Wed Aug 15 08:11:03 PDT 2012
On Wednesday, 15 August 2012 at 14:36:00 UTC, José Armando
García Sancio wrote:
> Some people's point is that MD5 was consider a cryptographic
> digest
> function 16 years ago. It is not consider cryptographically
> secure
> today. So why make any design assumption today on how the
> landscape
> will look tomorrow? Specially on a field that is always
> changing. Why
> not lumped them all together and explain the current situation
> and
> recommendation in the comments.
>
> Looks at Python's passlib module for example. They enumerate
> every
> password encoding scheme under the sun (except for scrypt :()
> and give
> a recommendation on the appropriate algorithm to use in the
> current
> computing landscape.
> http://packages.python.org/passlib/lib/passlib.hash.html#module-passlib.hash
>
> Thanks,
> -Jose
I agree that MD5 isn't cryptographically secure anymore, but it
was designed as a cryptographic hash algorithm, and it shows.
It's statistical and performance proprieties are completely
different from CRCs, and no matter how broken, it still has a
little of cryptographic strength (no practical preimage attack
was found till this date, for example).
Note that in the Python passlib, there is no mention to CRC, FNV,
ROT13, etc. Their place is different.
More information about the Digitalmars-d
mailing list