[XeTeX] \(pdf)mdfivesum

George N. White III gnwiii at gmail.com
Thu Jul 2 17:23:45 CEST 2015

On Thu, Jul 2, 2015 at 12:09 PM, Joseph Wright <
joseph.wright at morningstar2.co.uk> wrote:

> On 02/07/2015 05:54, mskala at ansuz.sooke.bc.ca wrote:
> > If MD5 is necessary for compatibility with some existing standard, so be
> > it; but it's not secure anymore and it shouldn't be used in any new
> design
> > where there's a concern about possible deliberate tampering, as opposed
> to
> > accidental errors.  SHA1 is deprecated, too.  I think SHA256 is the
> > current "best practice."
> Depends what you are using it for. Collisions are possible in MD5 so
> it's no longer suitable for cryptographic applications. Here, however,
> we are talking about avoiding the more prosaic issues of people having
> not-quite matching sources. (We are *not* talking about signing
> documents.) For the use case I have in mind MD5 will happily do the job.

Maybe your use case is enough at present, but the other use cases (some
already mentioned) may become important in the future.   It makes sense
to implement MD5 in a way that anticipates future additions/enhancements.

George N. White III <aa056 at chebucto.ns.ca>
Head of St. Margarets Bay, Nova Scotia
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://tug.org/pipermail/xetex/attachments/20150702/e21e9128/attachment-0001.html>

More information about the XeTeX mailing list