At 3:33 PM -0700 10/22/02, Mars Saxman wrote:
Here's the first paragraph of RFC 1321, which describes MD5:
The algorithm takes as input a message of arbitrary length and produces
as output a 128-bit "fingerprint" or "message digest" of the input.
It is conjectured that it is computationally infeasible to produce
two messages having the same message digest, or to produce any
message having a given prespecified target message digest. The MD5
algorithm is intended for digital signature applications, where a
large file must be "compressed" in a secure manner before being
encrypted with a private (secret) key under a public-key cryptosystem
such as RSA.
This is good stuff; we should make this a bit plainer and get it into
the documentation.
So, would all agree that the following are sensible uses of the MD5 function?
- checksum a file to see if it has changed
- quick check to see if two files have the same content
- store the MD5 hash of a password, so you don't have to keep the
actual password anywhere it might be discovered (and then when the
user enters their password again, MD5 it and compare it to what you
stored before)
?
Thanks,
- Joe
--
,------------------------------------------------------------------.
| Joseph J. Strout REAL Software, Inc. |
| joe at realsoftware dot com http://www.realsoftware.com |
`------------------------------------------------------------------'
---
A searchable archive of this list is available at:
<http://dbserver.realsoftware.com/KBDB/search.php>
Unsubscribe:
<mailto:realbasic-betas-off at lists dot realsoftware dot com>
Subscribe to the digest:
<mailto:realbasic-betas-digest at lists dot realsoftware dot com>
.
|