These are the old pages from the weblog as they were published at Cornell. Visit for up-to-date entries.

August 18, 2004

Oops, MD5 is broken

Ed Felten writes in Report from Crypto 2004:

Where does this leave us? MD5 is fatally wounded; its use will be phased out. SHA-1 is still alive but the vultures are circling. A gradual transition away from SHA-1 will now start.

I am not that much into crypto to get excited about it, but I do have a lot of software that uses MD5-style hashing. I hate to think that it is all broken. Let's just rename MD5 to PGH: Pretty Good Hashing, until we have another cheap hashing algorithm that we believe is good enough.

Posted by Werner Vogels at August 18, 2004 12:55 PM