I'd like to push back on the other risk, that someone might figure out how to
make MD5 second-pre-images. I don't think this is a risk that we need to
urgently address, and I've written a short note explaining why. This note is
incomplete, badly edited, has not been peer-reviewed, and is not ready for
publication, but I thought it might help folks evaluate how urgent it is to
upgrade from MD5, so here it is.
I don't think it's urgent to fix it, but I think it's a good security hardening effort
with very little downside and very little chance of regression. However, as I
said if Holger, or anyone else, has a concern about the affects of adding this
bit of security hardening to give us a safety net again then I simply won't do
it in the simple API.
-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA