Is there really no use for MD5 anymore? Announcing the arrival of Valued Associate #679: Cesar...

Do I need to protect SFP ports and optics from dust/contaminants? If so, how?

"Rubric" as meaning "signature" or "personal mark" -- is this accepted usage?

What does a straight horizontal line above a few notes, after a changed tempo mean?

Long vowel quality before R

How do I prove this combinatorial identity

Multiple fireplaces in an apartment building?

What is it called when you ride around on your front wheel?

std::unique_ptr of base class holding reference of derived class does not show warning in gcc compiler while naked pointer shows it. Why?

What is the best way to deal with NPC-NPC combat?

How do I check if a string is entirely made of the same substring?

Does Mathematica have an implementation of the Poisson binomial distribution?

How to have a sharp product image?

Protagonist's race is hidden - should I reveal it?

Is Bran literally the world's memory?

How long after the last departure shall the airport stay open for an emergency return?

Was Dennis Ritchie being too modest in this quote about C and Pascal?

Why didn't the Space Shuttle bounce back into space as many times as possible so as to lose a lot of kinetic energy up there?

Why does Arg'[1. + I] return -0.5?

Jaya, Venerated Firemage + Chandra's Pyrohelix = 4 damage among two targets?

I preordered a game on my Xbox while on the home screen of my friend's account. Which of us owns the game?

How does the mezzoloth's teleportation work?

A strange hotel

What to do with someone that cheated their way through university and a PhD program?

Will I lose my paid in full property



Is there really no use for MD5 anymore?



Announcing the arrival of Valued Associate #679: Cesar Manara
Unicorn Meta Zoo #1: Why another podcast?What differentiates a password hash from a cryptographic hash besides speed?A question regarding relevance of vulnerability of MD5 when linking multiple records togetherCould a very long password theoretically eliminate the need for a slow hash?TCR hash functions from MD5Collision attacks on digital signaturesChecksum vs. non-cryptographic hashIs using a broken SHA-1 for password hashing secure?Unable to implement Client and Server Side Hashing (Validation problem)Keyspace in truncated MD5 hash?Very difficult hashing function?












2












$begingroup$


I read an article about password schemes that makes two seemingly conflicting claims:




MD5 is broken; it’s too slow to use as a general purpose hash; etc



The problem is that MD5 is fast




I know that MD5 should not be used for password hashing, and that it also should not be used for integrity checking of documents. There are way too many sources citing MD5 preimaging attacks and MD5s low computation time.



However, I was under the impression that MD5 still can be used as a non-cryptgraphic hash function:




  1. Identifying malicious files, such as when Linux Mint's download servers were compromised and an ISO file was replaced by a malicious one; in this case you want to be sure that your file doesn't match; collision attacks aren't a vector here.

  2. Finding duplicate files. By MD5-summing all files in a directory structure it's easy to find identical hashes. The seemingly identical files can then be compared in full to check if they are really identical. Using SHA512 would make the process slower, and since we compare files in full anyway there is no risk in a potential false positive from MD5. (In a way, this would be creating a rainbow table where all the files are the dictionary)


There are checksums of course, but from my experience, the likelihood of finding two different files with the same MD5 hash is very low as long as we can rule out foul play.



When the password scheme article states that "MD5 is fast", it clearly refers to the problem that hashing MD5 is too cheap when it comes to hashing a large amount of passwords to find the reverse of a hash. But what does it mean when it says that "[MD5 is] too slow to use as a general purpose hash"? Are there faster standardized hashes to compare files, that still have a reasonably low chance of collision?










share|improve this question









$endgroup$








  • 2




    $begingroup$
    The collision attack is the problem, however, MD5 still has pre-image resistance.
    $endgroup$
    – kelalaka
    5 hours ago
















2












$begingroup$


I read an article about password schemes that makes two seemingly conflicting claims:




MD5 is broken; it’s too slow to use as a general purpose hash; etc



The problem is that MD5 is fast




I know that MD5 should not be used for password hashing, and that it also should not be used for integrity checking of documents. There are way too many sources citing MD5 preimaging attacks and MD5s low computation time.



However, I was under the impression that MD5 still can be used as a non-cryptgraphic hash function:




  1. Identifying malicious files, such as when Linux Mint's download servers were compromised and an ISO file was replaced by a malicious one; in this case you want to be sure that your file doesn't match; collision attacks aren't a vector here.

  2. Finding duplicate files. By MD5-summing all files in a directory structure it's easy to find identical hashes. The seemingly identical files can then be compared in full to check if they are really identical. Using SHA512 would make the process slower, and since we compare files in full anyway there is no risk in a potential false positive from MD5. (In a way, this would be creating a rainbow table where all the files are the dictionary)


There are checksums of course, but from my experience, the likelihood of finding two different files with the same MD5 hash is very low as long as we can rule out foul play.



When the password scheme article states that "MD5 is fast", it clearly refers to the problem that hashing MD5 is too cheap when it comes to hashing a large amount of passwords to find the reverse of a hash. But what does it mean when it says that "[MD5 is] too slow to use as a general purpose hash"? Are there faster standardized hashes to compare files, that still have a reasonably low chance of collision?










share|improve this question









$endgroup$








  • 2




    $begingroup$
    The collision attack is the problem, however, MD5 still has pre-image resistance.
    $endgroup$
    – kelalaka
    5 hours ago














2












2








2





$begingroup$


I read an article about password schemes that makes two seemingly conflicting claims:




MD5 is broken; it’s too slow to use as a general purpose hash; etc



The problem is that MD5 is fast




I know that MD5 should not be used for password hashing, and that it also should not be used for integrity checking of documents. There are way too many sources citing MD5 preimaging attacks and MD5s low computation time.



However, I was under the impression that MD5 still can be used as a non-cryptgraphic hash function:




  1. Identifying malicious files, such as when Linux Mint's download servers were compromised and an ISO file was replaced by a malicious one; in this case you want to be sure that your file doesn't match; collision attacks aren't a vector here.

  2. Finding duplicate files. By MD5-summing all files in a directory structure it's easy to find identical hashes. The seemingly identical files can then be compared in full to check if they are really identical. Using SHA512 would make the process slower, and since we compare files in full anyway there is no risk in a potential false positive from MD5. (In a way, this would be creating a rainbow table where all the files are the dictionary)


There are checksums of course, but from my experience, the likelihood of finding two different files with the same MD5 hash is very low as long as we can rule out foul play.



When the password scheme article states that "MD5 is fast", it clearly refers to the problem that hashing MD5 is too cheap when it comes to hashing a large amount of passwords to find the reverse of a hash. But what does it mean when it says that "[MD5 is] too slow to use as a general purpose hash"? Are there faster standardized hashes to compare files, that still have a reasonably low chance of collision?










share|improve this question









$endgroup$




I read an article about password schemes that makes two seemingly conflicting claims:




MD5 is broken; it’s too slow to use as a general purpose hash; etc



The problem is that MD5 is fast




I know that MD5 should not be used for password hashing, and that it also should not be used for integrity checking of documents. There are way too many sources citing MD5 preimaging attacks and MD5s low computation time.



However, I was under the impression that MD5 still can be used as a non-cryptgraphic hash function:




  1. Identifying malicious files, such as when Linux Mint's download servers were compromised and an ISO file was replaced by a malicious one; in this case you want to be sure that your file doesn't match; collision attacks aren't a vector here.

  2. Finding duplicate files. By MD5-summing all files in a directory structure it's easy to find identical hashes. The seemingly identical files can then be compared in full to check if they are really identical. Using SHA512 would make the process slower, and since we compare files in full anyway there is no risk in a potential false positive from MD5. (In a way, this would be creating a rainbow table where all the files are the dictionary)


There are checksums of course, but from my experience, the likelihood of finding two different files with the same MD5 hash is very low as long as we can rule out foul play.



When the password scheme article states that "MD5 is fast", it clearly refers to the problem that hashing MD5 is too cheap when it comes to hashing a large amount of passwords to find the reverse of a hash. But what does it mean when it says that "[MD5 is] too slow to use as a general purpose hash"? Are there faster standardized hashes to compare files, that still have a reasonably low chance of collision?







hash md5






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked 5 hours ago









jornanejornane

1483




1483








  • 2




    $begingroup$
    The collision attack is the problem, however, MD5 still has pre-image resistance.
    $endgroup$
    – kelalaka
    5 hours ago














  • 2




    $begingroup$
    The collision attack is the problem, however, MD5 still has pre-image resistance.
    $endgroup$
    – kelalaka
    5 hours ago








2




2




$begingroup$
The collision attack is the problem, however, MD5 still has pre-image resistance.
$endgroup$
– kelalaka
5 hours ago




$begingroup$
The collision attack is the problem, however, MD5 still has pre-image resistance.
$endgroup$
– kelalaka
5 hours ago










4 Answers
4






active

oldest

votes


















1












$begingroup$


But what does it mean when it says that "[MD5 is] too slow to use as a general purpose hash"? Are there faster standardized hashes to compare files, that still have a reasonably low chance of collision?




BLAKE2 is faster than MD5 and currently known to provide 64-bit collision resistence when truncated to the same size as MD5 (compare ~30 of that of MD5).






share|improve this answer









$endgroup$





















    1












    $begingroup$

    There's not a compelling reason to use MD5; however, there are some embedded systems with a MD5 core that was used as a stream verifier. In those systems, MD5 is still used. They are moving to BLAKE2 because it's smaller in silicon, and it has the benefit of being faster than MD5 in general.



    The reason that MD5 started fall out of favor with hardware people was that the word reordering of the MD5 message expansions seems to be simple, but actually
    they require a lot of circuits for demultiplexing and interconnect, and the hardware efficiencies are greatly degraded compared to BLAKE. In contrast, the message expansion blocks for BLAKE algorithms can be efficiently implemented as simple feedback shift registers.



    The BLAKE team did a nice job of making it work well on silicon and in instructions.






    share|improve this answer









    $endgroup$





















      0












      $begingroup$

      A case where the use of the MD5-hash would still make sense (and low risk of deleting duplicated files):



      If you want to find duplicate files you can just use CRC32.



      As soon as two files return the same CRC32-hash you recompute the files with MD5 hash. If the MD5 hash is again identical for both files then you know that the files are duplicates.





      In a case of high risk by deleting files:



      You want the process to be fast: Instead use a hash function that's not vulnerable for a second hash of the files, i.e. SHA2 or SHA3. It's extremely unlikely that these hashes would return an identical hash.



      Speed is no concern: Compare the files byte per byte.






      share|improve this answer











      $endgroup$









      • 3




        $begingroup$
        If you want to be 100% sure, you compare both files byte per byte.
        $endgroup$
        – A. Hersean
        4 hours ago










      • $begingroup$
        Why use MD5 as a second step after CRC32 instead of SHA2/3 directly? It should make a negligible difference since, absent deliberate file corruption, CRC32 collisions should still be rare. And if you are concerned about deliberate file corruption, you don't use CRC32 nor MD5 in the first place.
        $endgroup$
        – fkraiem
        4 hours ago






      • 4




        $begingroup$
        Why use a second step after CRC32 at all? Compare the files byte-by-byte if you're going to read them again completely anyhow!
        $endgroup$
        – Ruben De Smet
        4 hours ago










      • $begingroup$
        @RubenDeSmet I think it's because to compare them byte-by-byte you'd have to buffer both files to a certain limit (because of memory constraints) and compare those. This will slow down sequential read speeds because you need to jump between the files. If this actually makes any real world difference provided a large enough buffer size is beyond my knowledge.
        $endgroup$
        – JensV
        4 mins ago



















      0












      $begingroup$

      MD5 is used throughout the world both at home and in the enterprise. It's the file change mechanism within *nix's rsync if you opt for something other than changed timestamp detection. It's used for backup, archiving and file transfer between in-house systems. Even between enterprises over VPNs.



      Your comment that it "should not be used for integrity checking of documents" is interesting, as that's kinda what is done when transferring files (aka documents). A hacked file/document is philosophically a changed file/document. Yet if the adversary takes advantage of MD5's low collision resistance, file/document propagation through systems can be stopped. Carefully made changes can therefore go unnoticed by rsync, and attacks can occur. I expect that this is somewhat of a niche attack but illustrates the concept vis-à-vis MD5 being at the heart of many computer systems.






      share|improve this answer









      $endgroup$














        Your Answer








        StackExchange.ready(function() {
        var channelOptions = {
        tags: "".split(" "),
        id: "281"
        };
        initTagRenderer("".split(" "), "".split(" "), channelOptions);

        StackExchange.using("externalEditor", function() {
        // Have to fire editor after snippets, if snippets enabled
        if (StackExchange.settings.snippets.snippetsEnabled) {
        StackExchange.using("snippets", function() {
        createEditor();
        });
        }
        else {
        createEditor();
        }
        });

        function createEditor() {
        StackExchange.prepareEditor({
        heartbeatType: 'answer',
        autoActivateHeartbeat: false,
        convertImagesToLinks: false,
        noModals: true,
        showLowRepImageUploadWarning: true,
        reputationToPostImages: null,
        bindNavPrevention: true,
        postfix: "",
        imageUploader: {
        brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
        contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
        allowUrls: true
        },
        noCode: true, onDemand: true,
        discardSelector: ".discard-answer"
        ,immediatelyShowMarkdownHelp:true
        });


        }
        });














        draft saved

        draft discarded


















        StackExchange.ready(
        function () {
        StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f70036%2fis-there-really-no-use-for-md5-anymore%23new-answer', 'question_page');
        }
        );

        Post as a guest















        Required, but never shown

























        4 Answers
        4






        active

        oldest

        votes








        4 Answers
        4






        active

        oldest

        votes









        active

        oldest

        votes






        active

        oldest

        votes









        1












        $begingroup$


        But what does it mean when it says that "[MD5 is] too slow to use as a general purpose hash"? Are there faster standardized hashes to compare files, that still have a reasonably low chance of collision?




        BLAKE2 is faster than MD5 and currently known to provide 64-bit collision resistence when truncated to the same size as MD5 (compare ~30 of that of MD5).






        share|improve this answer









        $endgroup$


















          1












          $begingroup$


          But what does it mean when it says that "[MD5 is] too slow to use as a general purpose hash"? Are there faster standardized hashes to compare files, that still have a reasonably low chance of collision?




          BLAKE2 is faster than MD5 and currently known to provide 64-bit collision resistence when truncated to the same size as MD5 (compare ~30 of that of MD5).






          share|improve this answer









          $endgroup$
















            1












            1








            1





            $begingroup$


            But what does it mean when it says that "[MD5 is] too slow to use as a general purpose hash"? Are there faster standardized hashes to compare files, that still have a reasonably low chance of collision?




            BLAKE2 is faster than MD5 and currently known to provide 64-bit collision resistence when truncated to the same size as MD5 (compare ~30 of that of MD5).






            share|improve this answer









            $endgroup$




            But what does it mean when it says that "[MD5 is] too slow to use as a general purpose hash"? Are there faster standardized hashes to compare files, that still have a reasonably low chance of collision?




            BLAKE2 is faster than MD5 and currently known to provide 64-bit collision resistence when truncated to the same size as MD5 (compare ~30 of that of MD5).







            share|improve this answer












            share|improve this answer



            share|improve this answer










            answered 2 hours ago









            DannyNiuDannyNiu

            1,4051629




            1,4051629























                1












                $begingroup$

                There's not a compelling reason to use MD5; however, there are some embedded systems with a MD5 core that was used as a stream verifier. In those systems, MD5 is still used. They are moving to BLAKE2 because it's smaller in silicon, and it has the benefit of being faster than MD5 in general.



                The reason that MD5 started fall out of favor with hardware people was that the word reordering of the MD5 message expansions seems to be simple, but actually
                they require a lot of circuits for demultiplexing and interconnect, and the hardware efficiencies are greatly degraded compared to BLAKE. In contrast, the message expansion blocks for BLAKE algorithms can be efficiently implemented as simple feedback shift registers.



                The BLAKE team did a nice job of making it work well on silicon and in instructions.






                share|improve this answer









                $endgroup$


















                  1












                  $begingroup$

                  There's not a compelling reason to use MD5; however, there are some embedded systems with a MD5 core that was used as a stream verifier. In those systems, MD5 is still used. They are moving to BLAKE2 because it's smaller in silicon, and it has the benefit of being faster than MD5 in general.



                  The reason that MD5 started fall out of favor with hardware people was that the word reordering of the MD5 message expansions seems to be simple, but actually
                  they require a lot of circuits for demultiplexing and interconnect, and the hardware efficiencies are greatly degraded compared to BLAKE. In contrast, the message expansion blocks for BLAKE algorithms can be efficiently implemented as simple feedback shift registers.



                  The BLAKE team did a nice job of making it work well on silicon and in instructions.






                  share|improve this answer









                  $endgroup$
















                    1












                    1








                    1





                    $begingroup$

                    There's not a compelling reason to use MD5; however, there are some embedded systems with a MD5 core that was used as a stream verifier. In those systems, MD5 is still used. They are moving to BLAKE2 because it's smaller in silicon, and it has the benefit of being faster than MD5 in general.



                    The reason that MD5 started fall out of favor with hardware people was that the word reordering of the MD5 message expansions seems to be simple, but actually
                    they require a lot of circuits for demultiplexing and interconnect, and the hardware efficiencies are greatly degraded compared to BLAKE. In contrast, the message expansion blocks for BLAKE algorithms can be efficiently implemented as simple feedback shift registers.



                    The BLAKE team did a nice job of making it work well on silicon and in instructions.






                    share|improve this answer









                    $endgroup$



                    There's not a compelling reason to use MD5; however, there are some embedded systems with a MD5 core that was used as a stream verifier. In those systems, MD5 is still used. They are moving to BLAKE2 because it's smaller in silicon, and it has the benefit of being faster than MD5 in general.



                    The reason that MD5 started fall out of favor with hardware people was that the word reordering of the MD5 message expansions seems to be simple, but actually
                    they require a lot of circuits for demultiplexing and interconnect, and the hardware efficiencies are greatly degraded compared to BLAKE. In contrast, the message expansion blocks for BLAKE algorithms can be efficiently implemented as simple feedback shift registers.



                    The BLAKE team did a nice job of making it work well on silicon and in instructions.







                    share|improve this answer












                    share|improve this answer



                    share|improve this answer










                    answered 56 mins ago









                    b degnanb degnan

                    2,0921829




                    2,0921829























                        0












                        $begingroup$

                        A case where the use of the MD5-hash would still make sense (and low risk of deleting duplicated files):



                        If you want to find duplicate files you can just use CRC32.



                        As soon as two files return the same CRC32-hash you recompute the files with MD5 hash. If the MD5 hash is again identical for both files then you know that the files are duplicates.





                        In a case of high risk by deleting files:



                        You want the process to be fast: Instead use a hash function that's not vulnerable for a second hash of the files, i.e. SHA2 or SHA3. It's extremely unlikely that these hashes would return an identical hash.



                        Speed is no concern: Compare the files byte per byte.






                        share|improve this answer











                        $endgroup$









                        • 3




                          $begingroup$
                          If you want to be 100% sure, you compare both files byte per byte.
                          $endgroup$
                          – A. Hersean
                          4 hours ago










                        • $begingroup$
                          Why use MD5 as a second step after CRC32 instead of SHA2/3 directly? It should make a negligible difference since, absent deliberate file corruption, CRC32 collisions should still be rare. And if you are concerned about deliberate file corruption, you don't use CRC32 nor MD5 in the first place.
                          $endgroup$
                          – fkraiem
                          4 hours ago






                        • 4




                          $begingroup$
                          Why use a second step after CRC32 at all? Compare the files byte-by-byte if you're going to read them again completely anyhow!
                          $endgroup$
                          – Ruben De Smet
                          4 hours ago










                        • $begingroup$
                          @RubenDeSmet I think it's because to compare them byte-by-byte you'd have to buffer both files to a certain limit (because of memory constraints) and compare those. This will slow down sequential read speeds because you need to jump between the files. If this actually makes any real world difference provided a large enough buffer size is beyond my knowledge.
                          $endgroup$
                          – JensV
                          4 mins ago
















                        0












                        $begingroup$

                        A case where the use of the MD5-hash would still make sense (and low risk of deleting duplicated files):



                        If you want to find duplicate files you can just use CRC32.



                        As soon as two files return the same CRC32-hash you recompute the files with MD5 hash. If the MD5 hash is again identical for both files then you know that the files are duplicates.





                        In a case of high risk by deleting files:



                        You want the process to be fast: Instead use a hash function that's not vulnerable for a second hash of the files, i.e. SHA2 or SHA3. It's extremely unlikely that these hashes would return an identical hash.



                        Speed is no concern: Compare the files byte per byte.






                        share|improve this answer











                        $endgroup$









                        • 3




                          $begingroup$
                          If you want to be 100% sure, you compare both files byte per byte.
                          $endgroup$
                          – A. Hersean
                          4 hours ago










                        • $begingroup$
                          Why use MD5 as a second step after CRC32 instead of SHA2/3 directly? It should make a negligible difference since, absent deliberate file corruption, CRC32 collisions should still be rare. And if you are concerned about deliberate file corruption, you don't use CRC32 nor MD5 in the first place.
                          $endgroup$
                          – fkraiem
                          4 hours ago






                        • 4




                          $begingroup$
                          Why use a second step after CRC32 at all? Compare the files byte-by-byte if you're going to read them again completely anyhow!
                          $endgroup$
                          – Ruben De Smet
                          4 hours ago










                        • $begingroup$
                          @RubenDeSmet I think it's because to compare them byte-by-byte you'd have to buffer both files to a certain limit (because of memory constraints) and compare those. This will slow down sequential read speeds because you need to jump between the files. If this actually makes any real world difference provided a large enough buffer size is beyond my knowledge.
                          $endgroup$
                          – JensV
                          4 mins ago














                        0












                        0








                        0





                        $begingroup$

                        A case where the use of the MD5-hash would still make sense (and low risk of deleting duplicated files):



                        If you want to find duplicate files you can just use CRC32.



                        As soon as two files return the same CRC32-hash you recompute the files with MD5 hash. If the MD5 hash is again identical for both files then you know that the files are duplicates.





                        In a case of high risk by deleting files:



                        You want the process to be fast: Instead use a hash function that's not vulnerable for a second hash of the files, i.e. SHA2 or SHA3. It's extremely unlikely that these hashes would return an identical hash.



                        Speed is no concern: Compare the files byte per byte.






                        share|improve this answer











                        $endgroup$



                        A case where the use of the MD5-hash would still make sense (and low risk of deleting duplicated files):



                        If you want to find duplicate files you can just use CRC32.



                        As soon as two files return the same CRC32-hash you recompute the files with MD5 hash. If the MD5 hash is again identical for both files then you know that the files are duplicates.





                        In a case of high risk by deleting files:



                        You want the process to be fast: Instead use a hash function that's not vulnerable for a second hash of the files, i.e. SHA2 or SHA3. It's extremely unlikely that these hashes would return an identical hash.



                        Speed is no concern: Compare the files byte per byte.







                        share|improve this answer














                        share|improve this answer



                        share|improve this answer








                        edited 4 hours ago

























                        answered 5 hours ago









                        AleksanderRasAleksanderRas

                        3,1091937




                        3,1091937








                        • 3




                          $begingroup$
                          If you want to be 100% sure, you compare both files byte per byte.
                          $endgroup$
                          – A. Hersean
                          4 hours ago










                        • $begingroup$
                          Why use MD5 as a second step after CRC32 instead of SHA2/3 directly? It should make a negligible difference since, absent deliberate file corruption, CRC32 collisions should still be rare. And if you are concerned about deliberate file corruption, you don't use CRC32 nor MD5 in the first place.
                          $endgroup$
                          – fkraiem
                          4 hours ago






                        • 4




                          $begingroup$
                          Why use a second step after CRC32 at all? Compare the files byte-by-byte if you're going to read them again completely anyhow!
                          $endgroup$
                          – Ruben De Smet
                          4 hours ago










                        • $begingroup$
                          @RubenDeSmet I think it's because to compare them byte-by-byte you'd have to buffer both files to a certain limit (because of memory constraints) and compare those. This will slow down sequential read speeds because you need to jump between the files. If this actually makes any real world difference provided a large enough buffer size is beyond my knowledge.
                          $endgroup$
                          – JensV
                          4 mins ago














                        • 3




                          $begingroup$
                          If you want to be 100% sure, you compare both files byte per byte.
                          $endgroup$
                          – A. Hersean
                          4 hours ago










                        • $begingroup$
                          Why use MD5 as a second step after CRC32 instead of SHA2/3 directly? It should make a negligible difference since, absent deliberate file corruption, CRC32 collisions should still be rare. And if you are concerned about deliberate file corruption, you don't use CRC32 nor MD5 in the first place.
                          $endgroup$
                          – fkraiem
                          4 hours ago






                        • 4




                          $begingroup$
                          Why use a second step after CRC32 at all? Compare the files byte-by-byte if you're going to read them again completely anyhow!
                          $endgroup$
                          – Ruben De Smet
                          4 hours ago










                        • $begingroup$
                          @RubenDeSmet I think it's because to compare them byte-by-byte you'd have to buffer both files to a certain limit (because of memory constraints) and compare those. This will slow down sequential read speeds because you need to jump between the files. If this actually makes any real world difference provided a large enough buffer size is beyond my knowledge.
                          $endgroup$
                          – JensV
                          4 mins ago








                        3




                        3




                        $begingroup$
                        If you want to be 100% sure, you compare both files byte per byte.
                        $endgroup$
                        – A. Hersean
                        4 hours ago




                        $begingroup$
                        If you want to be 100% sure, you compare both files byte per byte.
                        $endgroup$
                        – A. Hersean
                        4 hours ago












                        $begingroup$
                        Why use MD5 as a second step after CRC32 instead of SHA2/3 directly? It should make a negligible difference since, absent deliberate file corruption, CRC32 collisions should still be rare. And if you are concerned about deliberate file corruption, you don't use CRC32 nor MD5 in the first place.
                        $endgroup$
                        – fkraiem
                        4 hours ago




                        $begingroup$
                        Why use MD5 as a second step after CRC32 instead of SHA2/3 directly? It should make a negligible difference since, absent deliberate file corruption, CRC32 collisions should still be rare. And if you are concerned about deliberate file corruption, you don't use CRC32 nor MD5 in the first place.
                        $endgroup$
                        – fkraiem
                        4 hours ago




                        4




                        4




                        $begingroup$
                        Why use a second step after CRC32 at all? Compare the files byte-by-byte if you're going to read them again completely anyhow!
                        $endgroup$
                        – Ruben De Smet
                        4 hours ago




                        $begingroup$
                        Why use a second step after CRC32 at all? Compare the files byte-by-byte if you're going to read them again completely anyhow!
                        $endgroup$
                        – Ruben De Smet
                        4 hours ago












                        $begingroup$
                        @RubenDeSmet I think it's because to compare them byte-by-byte you'd have to buffer both files to a certain limit (because of memory constraints) and compare those. This will slow down sequential read speeds because you need to jump between the files. If this actually makes any real world difference provided a large enough buffer size is beyond my knowledge.
                        $endgroup$
                        – JensV
                        4 mins ago




                        $begingroup$
                        @RubenDeSmet I think it's because to compare them byte-by-byte you'd have to buffer both files to a certain limit (because of memory constraints) and compare those. This will slow down sequential read speeds because you need to jump between the files. If this actually makes any real world difference provided a large enough buffer size is beyond my knowledge.
                        $endgroup$
                        – JensV
                        4 mins ago











                        0












                        $begingroup$

                        MD5 is used throughout the world both at home and in the enterprise. It's the file change mechanism within *nix's rsync if you opt for something other than changed timestamp detection. It's used for backup, archiving and file transfer between in-house systems. Even between enterprises over VPNs.



                        Your comment that it "should not be used for integrity checking of documents" is interesting, as that's kinda what is done when transferring files (aka documents). A hacked file/document is philosophically a changed file/document. Yet if the adversary takes advantage of MD5's low collision resistance, file/document propagation through systems can be stopped. Carefully made changes can therefore go unnoticed by rsync, and attacks can occur. I expect that this is somewhat of a niche attack but illustrates the concept vis-à-vis MD5 being at the heart of many computer systems.






                        share|improve this answer









                        $endgroup$


















                          0












                          $begingroup$

                          MD5 is used throughout the world both at home and in the enterprise. It's the file change mechanism within *nix's rsync if you opt for something other than changed timestamp detection. It's used for backup, archiving and file transfer between in-house systems. Even between enterprises over VPNs.



                          Your comment that it "should not be used for integrity checking of documents" is interesting, as that's kinda what is done when transferring files (aka documents). A hacked file/document is philosophically a changed file/document. Yet if the adversary takes advantage of MD5's low collision resistance, file/document propagation through systems can be stopped. Carefully made changes can therefore go unnoticed by rsync, and attacks can occur. I expect that this is somewhat of a niche attack but illustrates the concept vis-à-vis MD5 being at the heart of many computer systems.






                          share|improve this answer









                          $endgroup$
















                            0












                            0








                            0





                            $begingroup$

                            MD5 is used throughout the world both at home and in the enterprise. It's the file change mechanism within *nix's rsync if you opt for something other than changed timestamp detection. It's used for backup, archiving and file transfer between in-house systems. Even between enterprises over VPNs.



                            Your comment that it "should not be used for integrity checking of documents" is interesting, as that's kinda what is done when transferring files (aka documents). A hacked file/document is philosophically a changed file/document. Yet if the adversary takes advantage of MD5's low collision resistance, file/document propagation through systems can be stopped. Carefully made changes can therefore go unnoticed by rsync, and attacks can occur. I expect that this is somewhat of a niche attack but illustrates the concept vis-à-vis MD5 being at the heart of many computer systems.






                            share|improve this answer









                            $endgroup$



                            MD5 is used throughout the world both at home and in the enterprise. It's the file change mechanism within *nix's rsync if you opt for something other than changed timestamp detection. It's used for backup, archiving and file transfer between in-house systems. Even between enterprises over VPNs.



                            Your comment that it "should not be used for integrity checking of documents" is interesting, as that's kinda what is done when transferring files (aka documents). A hacked file/document is philosophically a changed file/document. Yet if the adversary takes advantage of MD5's low collision resistance, file/document propagation through systems can be stopped. Carefully made changes can therefore go unnoticed by rsync, and attacks can occur. I expect that this is somewhat of a niche attack but illustrates the concept vis-à-vis MD5 being at the heart of many computer systems.







                            share|improve this answer












                            share|improve this answer



                            share|improve this answer










                            answered 1 hour ago









                            Paul UszakPaul Uszak

                            7,80011638




                            7,80011638






























                                draft saved

                                draft discarded




















































                                Thanks for contributing an answer to Cryptography Stack Exchange!


                                • Please be sure to answer the question. Provide details and share your research!

                                But avoid



                                • Asking for help, clarification, or responding to other answers.

                                • Making statements based on opinion; back them up with references or personal experience.


                                Use MathJax to format equations. MathJax reference.


                                To learn more, see our tips on writing great answers.




                                draft saved


                                draft discarded














                                StackExchange.ready(
                                function () {
                                StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f70036%2fis-there-really-no-use-for-md5-anymore%23new-answer', 'question_page');
                                }
                                );

                                Post as a guest















                                Required, but never shown





















































                                Required, but never shown














                                Required, but never shown












                                Required, but never shown







                                Required, but never shown

































                                Required, but never shown














                                Required, but never shown












                                Required, but never shown







                                Required, but never shown







                                Popular posts from this blog

                                El tren de la libertad Índice Antecedentes "Porque yo decido" Desarrollo de la...

                                Puerta de Hutt Referencias Enlaces externos Menú de navegación15°58′00″S 5°42′00″O /...

                                Castillo d'Acher Características Menú de navegación