<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Thu, Jul 2, 2015 at 12:09 PM, Joseph Wright <span dir="ltr"><<a href="mailto:joseph.wright@morningstar2.co.uk" target="_blank">joseph.wright@morningstar2.co.uk</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On 02/07/2015 05:54, <a href="mailto:mskala@ansuz.sooke.bc.ca">mskala@ansuz.sooke.bc.ca</a> wrote:<br>
> If MD5 is necessary for compatibility with some existing standard, so be<br>
> it; but it's not secure anymore and it shouldn't be used in any new design<br>
> where there's a concern about possible deliberate tampering, as opposed to<br>
> accidental errors. SHA1 is deprecated, too. I think SHA256 is the<br>
> current "best practice."<br>
<br>
</span>Depends what you are using it for. Collisions are possible in MD5 so<br>
it's no longer suitable for cryptographic applications. Here, however,<br>
we are talking about avoiding the more prosaic issues of people having<br>
not-quite matching sources. (We are *not* talking about signing<br>
documents.) For the use case I have in mind MD5 will happily do the job.<br></blockquote><div><br></div><div>Maybe your use case is enough at present, but the other use cases (some </div><div>already mentioned) may become important in the future. It makes sense </div><div>to implement MD5 in a way that anticipates future additions/enhancements. </div><div><br></div></div>-- <br><div class="gmail_signature">George N. White III <<a href="mailto:aa056@chebucto.ns.ca" target="_blank">aa056@chebucto.ns.ca</a>><br>Head of St. Margarets Bay, Nova Scotia</div>
</div></div>