[XeTeX] \(pdf)mdfivesum

George N. White III gnwiii at gmail.com
Thu Jul 2 17:23:45 CEST 2015


On Thu, Jul 2, 2015 at 12:09 PM, Joseph Wright <
joseph.wright at morningstar2.co.uk> wrote:

> On 02/07/2015 05:54, mskala at ansuz.sooke.bc.ca wrote:
> > If MD5 is necessary for compatibility with some existing standard, so be
> > it; but it's not secure anymore and it shouldn't be used in any new
> design
> > where there's a concern about possible deliberate tampering, as opposed
> to
> > accidental errors.  SHA1 is deprecated, too.  I think SHA256 is the
> > current "best practice."
>
> Depends what you are using it for. Collisions are possible in MD5 so
> it's no longer suitable for cryptographic applications. Here, however,
> we are talking about avoiding the more prosaic issues of people having
> not-quite matching sources. (We are *not* talking about signing
> documents.) For the use case I have in mind MD5 will happily do the job.
>

Maybe your use case is enough at present, but the other use cases (some
already mentioned) may become important in the future.   It makes sense
to implement MD5 in a way that anticipates future additions/enhancements.

-- 
George N. White III <aa056 at chebucto.ns.ca>
Head of St. Margarets Bay, Nova Scotia
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://tug.org/pipermail/xetex/attachments/20150702/e21e9128/attachment-0001.html>


More information about the XeTeX mailing list