[Cryptography] Bloom filter question

Jerry Leichter leichter at lrw.com
Thu Aug 7 04:06:28 EDT 2025


>> Lastly, there's another reason to use SipHash (or something else), and that is that there are people who will get triggered by MD5 and their brains will shut down….
> 
> I am sympathetic. However, I have seen too many times where something broken-but-safe was used as a reference in a different context where something strong was needed. If one is adamant about keeping MD5, though, good comments can mitigate that risk.
A number of years back, I used MD5 in a perfectly safe context - only to have the code called out by some security scanner that had a list of “verboten” library calls. As I recall I simply re-implemented the algorithm and gave it a different name (as there were, and likely still are, scanners that trigger on the name itself). I think there was some persistent data that relied on sticking to the same algorithm, so just replacing MD5 was not an option.

I could probably have convinced our own security team of the safety of the original code, but it would still have needed to change, as many customers run their own scanners and would raise issues. Not worth the hassle.

While I understand the sentiment here - there are just too many *bad* uses of security primitives out there, so catching what at the time was plenty of inappropriate legacy uses was reasonable - I’m left wondering how many *bad* uses were found and “fixed” by the same subterfuge I used.

                                          -- Jerry
