MD5 is vulnerable in the sense that you can generate collisions (i.e. if you have a hash, you can come up with something that returns that hash). Like any hash, it’s not reversible. It’s computationally cheap, so may be vulnerable to brute-forcing, but it’s hard to imagine that any sentence of moderate length (such as, for example, this one) could be brute-forced. The search space just becomes too large. But there’s virtually-nil cost to using a more secure hash, so whatever.

argumate:

That makes MD5 a very poor choice for a hash post, as you could conceivably attack it by finding an incriminating statement that has the same hash, forcing the person to reveal their true statement.

I think SHA-256 should be safe, at least for the next couple of years.

Not really. You can find a statement that has the same hash, but there is no guarantee you can find an incriminating statement that has the same hash – it might very well be “H4f#¤TFDadffgd”.

Hash collision is a problem for security*, not for secrecy.

*I will happily elaborate on how it is a problem if you want.
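
An added example, not part of the thread above: a "hash post" done as a commit-and-reveal with SHA-256 and a random nonce, plus a check showing why the nonce matters when the statement is short enough to guess. The function names, the 32-byte nonce length and the sample statements are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets
from typing import List, Optional, Tuple

NONCE_LEN = 32  # assumed length; a fixed size keeps nonce||statement unambiguous


def commit(statement: str, nonce: Optional[bytes] = None) -> Tuple[str, bytes]:
    """Return (digest to publish now, nonce to keep private until the reveal)."""
    nonce = secrets.token_bytes(NONCE_LEN) if nonce is None else nonce
    if len(nonce) != NONCE_LEN:
        raise ValueError("nonce must be exactly NONCE_LEN bytes")
    digest = hashlib.sha256(nonce + statement.encode("utf-8")).hexdigest()
    return digest, nonce


def verify(digest: str, nonce: bytes, statement: str) -> bool:
    """Check a revealed (nonce, statement) pair against the published digest."""
    if len(nonce) != NONCE_LEN:
        return False
    expected, _ = commit(statement, nonce)
    return hmac.compare_digest(expected, digest.lower())


def guess_bare_hash(digest: str, candidates: List[str]) -> Optional[str]:
    """Return the candidate whose plain, un-nonced SHA-256 equals digest."""
    for candidate in candidates:
        if hashlib.sha256(candidate.encode("utf-8")).hexdigest() == digest:
            return candidate
    return None


# Constructed sample data: a short statement and a small list of likely guesses.
STATEMENT = "I think Alice wins"
GUESSES = ["I think Bob wins", "I think Alice wins", "I think Carol wins"]

if __name__ == "__main__":
    published, kept_nonce = commit(STATEMENT)
    print("publish now: ", published)
    print("reveal later:", kept_nonce.hex(), "+ the statement")
    print("reveal checks out:", verify(published, kept_nonce, STATEMENT))
    # A bare hash of a guessable statement is recovered by trying the guesses;
    # the nonce-bound digest gives the same guesses nothing to match against.
    bare = hashlib.sha256(STATEMENT.encode("utf-8")).hexdigest()
    print("bare hash guessed as:", guess_bare_hash(bare, GUESSES))
    print("nonce-bound digest guessed as:", guess_bare_hash(published, GUESSES))
```

The nonce is revealed together with the statement; until then only the digest is public.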
