[PATCH] Allow printing key digests in key edit

Robert J. Hansen rjh at sixdemonbag.org
Mon Jan 30 18:33:08 CET 2012


On 1/30/12 9:44 AM, Werner Koch wrote:
> Even MD5, which is actually broken for many common usages, still holds
> strong when used as the digest in an HMAC.  For SHA-1 we don't even know
> how to compute a collision.

It's also worth noting that "actually broken" might not mean broken at all.

In the United States, MD5 has been used in literally thousands of court
cases.  Programs like md5sum and md5deep have been examined by state and
federal courts time and again, and have been judged to meet the courts'
standards for the admission of scientific evidence.  Nowadays if you
want to introduce an MD5 checksum of a file as proof that the file
hasn't changed, the courts will accept that.

SHA-1 has less support from the courts.  You probably won't get your
evidence thrown out for lack of proper process, but why take the risk
when MD5 can be used instead?

The SHA-2 family are almost unknown in the courts.  If you're the first
person presenting a SHA512 or a WHIRLPOOL hash in a courtroom, suddenly
you're going to have a rough time of things as you repeat all the
challenges that MD5 went through when it first came out.

I know a few forensic investigators who use both SHA256 and MD5 in their
professional work.  When they inventory a file system they compute and
store both sets of hashes.  They might use SHA256 themselves, but when
it comes time to testify in court they present the MD5s.  If and when
courts decide MD5 no longer is credible they'll have SHA256es to fall
back upon, but for now they play the game according to the rules the
courts have set up: and according to them, MD5 hasn't been broken.
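As an added example (not code from this thread or from GnuPG), here is a dual-hash inventory of the kind the investigators above keep: each file is read once to yield both its MD5 and its SHA-256, and a later verification reports, per file, which algorithm disagrees with the stored manifest. The file names and contents are constructed sample data.

```python
import hashlib
import os
import tempfile

# One pass per file yields both digests: MD5 for today, SHA-256 as the fallback.
ALGORITHMS = ("md5", "sha256")

def hash_file(path, chunk_size=1 << 20):
    """Return {"md5": hex, "sha256": hex} for one file, reading it once."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}

def inventory(root):
    """Walk a tree and map each relative path to its dual digests."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = hash_file(full)
    return manifest

def verify(root, manifest):
    """Re-hash the tree; list files whose digests changed, per algorithm.
    A genuine change flips both; only one differing suggests a collision."""
    current = inventory(root)
    report = {}
    for rel, expected in manifest.items():
        actual = current.get(rel)
        if actual is None:
            report[rel] = ["missing"]
            continue
        changed = [a for a in ALGORITHMS if actual[a] != expected[a]]
        if changed:
            report[rel] = changed
    return report

def demo():
    """Constructed sample: three files, one altered after the inventory."""
    with tempfile.TemporaryDirectory() as root:
        for name, data in (("evidence.bin", b"original contents\n"),
                           ("notes.txt", b"case notes\n"), ("empty.log", b"")):
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        manifest = inventory(root)
        with open(os.path.join(root, "evidence.bin"), "ab") as f:
            f.write(b"appended after imaging\n")
        return manifest, verify(root, manifest)
```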



More information about the Gnupg-devel mailing list