Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:20073
Return-Path: <r.korving@xit.nl>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 7817 invoked by uid 1010); 16 Nov 2005 18:37:13 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 7798 invoked from network); 16 Nov 2005 18:37:13 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 16 Nov 2005 18:37:13 -0000
X-Host-Fingerprint: 81.68.134.212 c514486d4.cable.wanadoo.nl  
Received: from ([81.68.134.212:6570] helo=localhost.localdomain)
	by pb1.pair.com (ecelerity 2.0 beta r(6323M)) with SMTP
	id 0C/77-07637-85C7B734 for <internals@lists.php.net>; Wed, 16 Nov 2005 13:37:12 -0500
Message-ID: <0C.77.07637.85C7B734@pb1.pair.com>
To: internals@lists.php.net
References: <20051115221143.GA28082@hardened-php.net> <437B08C8.20804@iamjochem.com> <437B0C46.3080809@php.net> <75.66.07637.9497B734@pb1.pair.com> <437B7B73.602@prohost.org>
Date: Wed, 16 Nov 2005 19:37:02 +0100
Lines: 31
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1437
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
X-Posted-By: 81.68.134.212
Subject: Re: [PHP-DEV] PHP 5.1.0 - sha256() and sha256_file() support
From: r.korving@xit.nl ("Ron Korving")


"Ilia Alshanetsky" <ilia@prohost.org> wrote in message
news:437B7B73.602@prohost.org...
> Ron Korving wrote:
> > I just read this news that an MD5 collision can now be done by anyone in
45
> > minutes (avg) on a P4 1.6 GHz:
> >
http://it.slashdot.org/article.pl?sid=05/11/15/2037232&threshold=-1&tid=172&tid=93&tid=228
> > http://www.stachliu.com.nyud.net:8090/collisions.html
> >
> > MD5 as the standard for hashing is definately history. All the more
reason
> > for sha256- and alike-functions.
>
> If you've read the article closely you'll know that while an impressive
> trick, collisions cannot be generated arbitrarily. The program generates
> both of the values that result in the same md5 hash . You cannot give it
> an md5 and have it generate you a string with the same md5 hash, so md5
> is still relatively safe.
>
> Ilia

Perhaps... for now... I'm no crypto expert and don't aim to be one, but when
I read the /. responses, a lot of people find MD5 dead and gone. Even if
they're wrong, the public will expect functions in PHP to replace the md5
functions. Just my 2 cents, I'm not even trying to start an argument here ;)

Ron