[Cryptography] Bloom filter question
David Kane-Parry
dkp at ldd.org
Wed Aug 6 08:21:32 EDT 2025
On 4 Aug 2025, at 22:32, Jon Callas <jon at callas.org> wrote:
> Lastly, there's another reason to use SipHash (or something else), and that is that there are people who will get triggered by MD5 and their brains will shut down. "MD5? Slowly, I turned, step by step..." They're going to tell you that you can't use MD5, it's not secure. They will not listen to you when you say that what you're really using it for is a sequence of 16-bit quantities that are mostly pseudorandom, and not anything else. And that 16-bit quantities are gonna have collisions because they're that small.
I am sympathetic. However, I have seen too many times where something broken-but-safe was used as a reference in a different context where something strong was needed. If one is adamant about keeping MD5, though, good comments can mitigate that risk. Something like...
// MD5 is a _broken_ cryptographic hash function, but we don't need cryptographic guarantees here.
A reviewer should naturally ask, then, why settle for MD5 when there are hash functions better suited to the system's needs?
- d.
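To make the point concrete: below is an added example, not code from this thread or from either poster, of the index derivation Jon describes (the digest treated as nothing more than a run of mostly-pseudorandom 16-bit values), with the warning comment David proposes sitting on the MD5 path and a keyed alternative beside it so a reviewer can see what "better suited" looks like. SipHash is not in Python's standard library, so keyed BLAKE2b truncated to 16 bytes stands in for it; the table size, the key and the sample items are illustrative assumptions.

```python
"""Bloom filter whose k bit positions are 16-bit slices of a hash digest.

Added example, not from the original thread. The table size m, the key for
the keyed alternative and the sample items are assumptions made for
illustration.
"""
import hashlib
import struct
from typing import Callable, List

DigestFn = Callable[[bytes], bytes]


def md5_digest(data: bytes) -> bytes:
    # MD5 is a _broken_ cryptographic hash function, but we don't need
    # cryptographic guarantees here: only a stream of mostly-pseudorandom
    # 16-bit values, which will collide anyway because they are that small.
    # Do NOT copy this into code that needs collision resistance.
    return hashlib.md5(data).digest()


def keyed_blake2b_digest(data: bytes, key: bytes = b"bloom-filter-example") -> bytes:
    # Drop-in alternative that gives the same 16 bytes without the argument.
    # SipHash is not in the stdlib, so keyed BLAKE2b truncated to 16 bytes
    # (assumed acceptable for this purpose) plays the same role.
    return hashlib.blake2b(data, key=key, digest_size=16).digest()


def slices16(digest: bytes) -> List[int]:
    """Split a digest into little-endian 16-bit integers (a trailing odd byte is dropped)."""
    return [struct.unpack_from("<H", digest, i)[0] for i in range(0, len(digest) - 1, 2)]


def indices(item: bytes, k: int, m: int, digest_fn: DigestFn = md5_digest) -> List[int]:
    """Derive k bit positions in [0, m) for item.

    One 16-byte digest yields eight 16-bit slices. If k is larger, re-hash
    with a 32-bit counter appended so no slice is reused.
    """
    out: List[int] = []
    counter = 0
    while len(out) < k:
        digest = digest_fn(item + counter.to_bytes(4, "little"))
        for v in slices16(digest):
            if len(out) == k:
                break
            out.append(v % m)
        counter += 1
    return out


class BloomFilter:
    def __init__(self, m: int = 1 << 16, k: int = 4, digest_fn: DigestFn = md5_digest):
        # m <= 65536 keeps every bit reachable from a 16-bit slice; with a
        # larger m the positions above 65535 could never be set.
        if not 0 < m <= 1 << 16:
            raise ValueError("m must be in 1..65536 for 16-bit slices")
        self.m, self.k, self.digest_fn = m, k, digest_fn
        self.bits = bytearray(m)  # one byte per bit: simple, not compact

    def add(self, item: bytes) -> None:
        for i in indices(item, self.k, self.m, self.digest_fn):
            self.bits[i] = 1

    def contains(self, item: bytes) -> bool:
        # Bloom semantics: False is definite, True may be a false positive.
        return all(self.bits[i] for i in indices(item, self.k, self.m, self.digest_fn))


if __name__ == "__main__":
    for fn in (md5_digest, keyed_blake2b_digest):
        bf = BloomFilter(k=4, digest_fn=fn)
        for w in (b"alice", b"bob", b"carol"):  # constructed sample items
            bf.add(w)
        print(fn.__name__, [bf.contains(w) for w in (b"alice", b"bob", b"carol", b"mallory")])
```

Nothing about the filter changes when `digest_fn` is swapped, which is the reviewer's question in a nutshell: if the only thing the code asks of the hash is sixteen reasonably uniform bytes, the comment explaining why MD5 is tolerable costs more than choosing a function that needs no such comment.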