[XeTeX] \(pdf)mdfivesum

Joseph Wright joseph.wright at morningstar2.co.uk
Thu Jul 2 17:09:36 CEST 2015

On 02/07/2015 05:54, mskala at ansuz.sooke.bc.ca wrote:
> If MD5 is necessary for compatibility with some existing standard, so be
> it; but it's not secure anymore and it shouldn't be used in any new design
> where there's a concern about possible deliberate tampering, as opposed to
> accidental errors.  SHA1 is deprecated, too.  I think SHA256 is the
> current "best practice."

Depends what you are using it for. Collisions are possible in MD5 so
it's no longer suitable for cryptographic applications. Here, however,
we are talking about avoiding the more prosaic issues of people having
not-quite matching sources. (We are *not* talking about signing
documents.) For the use case I have in mind MD5 will happily do the job.
Joseph Wright

More information about the XeTeX mailing list