Skip to content

Fix for MD2, MD4 and MD5 Are Weak Hash Functions #11

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
softsectest wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Fix for MD2, MD4 and MD5 Are Weak Hash Functions #11

softsectest wants to merge 1 commit into from

Conversation

@softsectest
Copy link
Owner

@softsectest softsectest commented Sep 11, 2020

Issue Link

A weakness in the MD5 cryptographic hash function can result in a high number of different messages with the same MD5 hash (known as a "collision"). Previous work on MD5 collisions between 2004 and 2007 showed that the use of this hash function can lead to theoretical attack scenarios; however, more recent work has proven that this scenario can be exploited in practice. This exposes any system which relies on the MD5 hashing mechanism to a realistic threat of attack. It should be noted that the SHA-1 algorithm has also been found to exhibit a lack of collision resistance.

MD2, MD4, MD5 are not recommended and a replacement such as SHA-2 (-224, -256, -384, -512) should be considered

Here is a bad example using unsafe MD5:

MessageDigest aBadDigest = MessageDigest.getInstance("MD5");

Which should be replaced with at least a SHA-2 algorithm:

MessageDigest aBetterDigest = MessageDigest.getInstance("SHA-256");

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@softsectest