@xj9 CouchDB is awfully sketchy with their continued use of MD5.

@maxlath @xj9 I commented in that thread and my concerns were (incorrectly) dismissed.

The reason to use a cryptographic hash function like MD5 over a non-cryptographic hash is so that you can write code that ignores the possibility of collisions. Once the cryptographic hash function is broken - as with MD5 and SHA1 - that's no longer true. That broken assumption almost certainly creates bugs, and they're probably security bugs that allow users to at least corrupt your data.

Sign in to participate in the conversation
Mastodon

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!