I use the PHP MD5 to generate an ETag so that some dumb search engine can figure out whether my page has been edited or not.
Reading some IT news, it said that MD5 was rather weak and was being used to hack Windows Update.
So does PHP support SHA or other hashes so I can look at new options?
rethinking MD5
Hardcore Games™ Legendary is the Only Way to Play™
My site is powered by LAMP
Re: rethinking MD5
Vegan wrote: reading some IT news, said the MD5 was rather weak
Weak how? Weak at what? It's worthless for storing password hashes, for instance, but is still widely used to verify the integrity of downloads, for instance. PHP does indeed support a number of hashing algorithms, but I'm not convinced a change is required.
Re: rethinking MD5
I simply want to see if other options are available. When I see security bulletins, I like to make sure nothing is left unchecked.
Re: rethinking MD5
MD5 isn't good for cryptography but you're not using cryptography.
What you're using MD5 for is perfectly fine. The only way it could be abused is if someone uploaded content, to the same URL, that had an identical MD5 hash, and identical after accounting for whatever factors you've configured for your ETag, and, putting aside that you would have much larger problems, all they would do is affect when the browser requests fresh content.
Re: rethinking MD5
I switched MD5 to SHA1, mainly to modernize the code.
Are there other choices that can be substituted?
Code:
<?php // HTTP requires the ETag value to be a double-quoted string
header('ETag: "' . sha1(date("YmdHis", getlastmod())) . '"'); ?>
Re: rethinking MD5
Yes, see the list of hashing algorithms I posted above. I still maintain that md5 is perfectly suited for this task as creating digests of data is precisely what it was designed to do.
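An added example, not code from any poster in this thread: it picks the digest by name from what `hash_algos()` reports, emits a properly quoted ETag, and answers a matching `If-None-Match` with 304 so a crawler or browser can tell the page is unchanged. The function names `make_etag` and `etag_matches` are made up for illustration, and the validator input is the same last-modified timestamp used in the thread.

```php
<?php
// Added example: quoted ETag with a selectable digest, plus If-None-Match handling.
// make_etag() and etag_matches() are illustrative names, not from the thread.

function make_etag(string $data, string $algo = 'sha256'): string
{
    // Accept only algorithm names this PHP build reports as available.
    if (!in_array($algo, hash_algos(), true)) {
        throw new InvalidArgumentException("Unsupported hash algorithm: $algo");
    }
    // HTTP requires the entity-tag to be a double-quoted string.
    return '"' . hash($algo, $data) . '"';
}

// True when the client's If-None-Match header already lists this ETag.
// Weak comparison: a W/ prefix is ignored and "*" matches any tag.
function etag_matches(?string $ifNoneMatch, string $etag): bool
{
    if ($ifNoneMatch === null || trim($ifNoneMatch) === '') {
        return false;
    }
    // Splitting on commas is safe here because our tags are plain hex.
    foreach (explode(',', $ifNoneMatch) as $candidate) {
        $candidate = trim($candidate);
        if (strncmp($candidate, 'W/', 2) === 0) {
            $candidate = substr($candidate, 2);
        }
        if ($candidate === '*' || $candidate === $etag) {
            return true;
        }
    }
    return false;
}

// Same validator input as the thread's one-liner: the script's last-modified time.
$lastMod = getlastmod();
$etag = make_etag(date('YmdHis', $lastMod === false ? 0 : $lastMod));

header('ETag: ' . $etag);
if (etag_matches($_SERVER['HTTP_IF_NONE_MATCH'] ?? null, $etag)) {
    http_response_code(304); // client's copy is current; send no body
    exit;
}
```

Passing `'md5'` or `'sha1'` as the second argument to `make_etag` works the same way; the digest here only serves as a cache validator.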