Subject: Re: Verifying a kernel.
To: Tonnerre <tonnerre@thundrix.ch>
From: Jason Thorpe <thorpej@shagadelic.org>
List: tech-kern
Date: 07/20/2005 08:57:25

On Jul 20, 2005, at 5:26 AM, Tonnerre wrote:
> Don't allow MD5! Also, SHA1 is a candidate that shouldn't be trusted
> just like this. Why?
>
> - people might use it
> - people might decide to use it for security relevant functions
> - people are thereby prone to the typical MD5 bit flipping attacks et al.
>
> I'm talking myself blue in the face on that: Don't use md5.

We're not talking about a digital signature algorithm here. We're
simply talking about a checksum that can be used to ensure that the
bits on disk landed in memory correctly. There is no reason to
disallow MD5 for this.

-- thorpej