The Curious Case of MD5

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com
Python Avx collisions spack Intel

InfluxDB
Our great sponsors
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • WorkOS - The modern identity platform for B2B SaaS
  • SaaSHub - Software Alternatives and Reviews
Our great sponsors

  • collisions

    Hash collisions and exploitations

    • That is still an attack on the second preimage or a collision resistance properties of the hash function. Most collisions do work this way, for example see [1].

    [1] https://github.com/corkami/collisions

  • spack

    A flexible package manager that supports multiple versions, configurations, platforms, and compilers.

    • > I can't count the number of times I've seen people say "md5 is fine for use case xyz" where in some counterintuitive way it wasn't fine.

    I can count many more times that people told me that md5 was "broken" for file verification when, in fact, it never has been.

    My main gripe with the article is that it portrays the entire legal profession as "backwards" and "deeply negligent" when they're not actually doing anything unsafe -- or even likely to be unsafe. And "tech" knows better. Much of tech, it would seem, has no idea about the use cases and why one might be safe or not. They just know something's "broken" -- so, clearly, we should update.

    > Just use a safe one, even if you think you "don't need it".

    Here's me switching 5,700 or so hashes from md5 to sha256 in 2019: https://github.com/spack/spack/pull/13185

    Did I need it? No. Am I "compliant"? Yes.

    Really, though, the main tangible benefit was that it saved me having to respond to questions and uninformed criticism from people unnecessarily worried about md5 checksums.

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

    InfluxDB logo

  • sha256-simd

    Accelerate SHA256 computations in pure Go using AVX512, SHA Extensions for x86 and ARM64 for ARM. On AVX512 it provides an up to 8x improvement (over 3 GB/s per core). SHA Extensions give a performance boost of close to 4x over native.

    • BLAKE3 is faster than hardware accelerated SHA-2 because the tree mode used in BLAKE3 allows hashing parts of a single message in parallel (with SHA-2, parts of a single message have to be hashed one after another, and parallelism is only used in workloads where you process multiple messages at the same time).

    https://github.com/minio/sha256-simd

    https://github.com/BLAKE3-team/BLAKE3

  • bao

    an implementation of BLAKE3 verified streaming

    • Thanks! I've added a note about this here: https://github.com/oconnor663/bao/issues/41#issuecomment-119.... Does that sound like an accurate summary to you?

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts