The Curious Case of MD5

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

Scout Monitoring - Free Django app performance insights with Scout Monitoring
Get Scout setup in minutes, and let us sweat the small stuff. A couple lines in settings.py is all you need to start monitoring your apps. Sign up for our free tier today.
www.scoutapm.com
featured
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured
  • collisions

    Hash collisions and exploitations

    That is still an attack on the second preimage or a collision resistance properties of the hash function. Most collisions do work this way, for example see [1].

    [1] https://github.com/corkami/collisions

  • Scout Monitoring

    Free Django app performance insights with Scout Monitoring. Get Scout setup in minutes, and let us sweat the small stuff. A couple lines in settings.py is all you need to start monitoring your apps. Sign up for our free tier today.

    Scout Monitoring logo
  • spack

    A flexible package manager that supports multiple versions, configurations, platforms, and compilers.

    > I can't count the number of times I've seen people say "md5 is fine for use case xyz" where in some counterintuitive way it wasn't fine.

    I can count many more times that people told me that md5 was "broken" for file verification when, in fact, it never has been.

    My main gripe with the article is that it portrays the entire legal profession as "backwards" and "deeply negligent" when they're not actually doing anything unsafe -- or even likely to be unsafe. And "tech" knows better. Much of tech, it would seem, has no idea about the use cases and why one might be safe or not. They just know something's "broken" -- so, clearly, we should update.

    > Just use a safe one, even if you think you "don't need it".

    Here's me switching 5,700 or so hashes from md5 to sha256 in 2019: https://github.com/spack/spack/pull/13185

    Did I need it? No. Am I "compliant"? Yes.

    Really, though, the main tangible benefit was that it saved me having to respond to questions and uninformed criticism from people unnecessarily worried about md5 checksums.

  • sha256-simd

    Accelerate SHA256 computations in pure Go using AVX512, SHA Extensions for x86 and ARM64 for ARM. On AVX512 it provides an up to 8x improvement (over 3 GB/s per core). SHA Extensions give a performance boost of close to 4x over native.

    BLAKE3 is faster than hardware accelerated SHA-2 because the tree mode used in BLAKE3 allows hashing parts of a single message in parallel (with SHA-2, parts of a single message have to be hashed one after another, and parallelism is only used in workloads where you process multiple messages at the same time).

    https://github.com/minio/sha256-simd

    https://github.com/BLAKE3-team/BLAKE3

  • bao

    an implementation of BLAKE3 verified streaming

    Thanks! I've added a note about this here: https://github.com/oconnor663/bao/issues/41#issuecomment-119.... Does that sound like an accurate summary to you?

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts

  • Spack – a multi-platform, multi-version package manager for OS X, Windows, Linux

    1 project | news.ycombinator.com | 5 Aug 2024
  • Autodafe: "freeing your freeing your project from the clammy grip of autotools."

    4 projects | news.ycombinator.com | 6 Apr 2024
  • FreeBSD has a(nother) new C compiler: Intel oneAPI DPC++/C++

    2 projects | news.ycombinator.com | 7 Mar 2024
  • Spack Package Manager v0.21.0

    1 project | news.ycombinator.com | 12 Nov 2023
  • Show HN: FlakeHub – Discover and publish Nix flakes

    2 projects | news.ycombinator.com | 22 Aug 2023

Did you konow that Python is
the 1st most popular programming language
based on number of metions?