Greg Donald wrote:
> On Thu, Nov 20, 2008 at 12:21 PM, Peter Woodsky <peter / iwebsl.com> 
> wrote:
>> require 'digest/md5'
> 
> MD5 is no longer secure:
> 
> http://www.google.com/search?q=md5+broken
> 
> 
> There are a number of MD5 lookup dictionaries already online for a
> couple years now, for example:
> 
> http://gdataonline.com/seekhash.php
> http://passcracking.com/

I think you're confusing two things.

1. MD5 has been broken, in the sense that you can make two versions of a 
document with the same MD5 hash.

2. You can have lookup dictionaries for hashes. However the same could 
be done for SHA1 or any other hash, and does not depend on (1).

But in any case:

* the OP's algorithm has a salt. If well chosen (random and long 
enough), this should eliminate the dictionary attack. (It would be 
better if it were a HMAC construction though)

* the OP seems to have no choice in the algorithm to use anyway

* the OP wasn't asking for security advice :-)
-- 
Posted via http://www.ruby-forum.com/.
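
The distinction drawn in the reply above, as an added example that is not part of the original thread or the OP's code: a precomputed lookup dictionary recovers an unsalted MD5 or SHA1 hash equally well, while a random salt or an HMAC keyed with that salt puts the stored value outside the table. The word list, the salt-prefix layout and all function names are assumptions made for illustration.

```ruby
require 'digest/md5'
require 'digest/sha1'
require 'openssl'
require 'securerandom'

# Constructed sample data: a tiny stand-in for an online lookup dictionary.
WORDLIST = %w[password letmein dragon qwerty].freeze

# Precompute digest => word, the way a lookup dictionary does.
# Nothing here depends on MD5 being "broken"; any hash class works.
def build_table(digest_class, words = WORDLIST)
  words.each_with_object({}) { |w, t| t[digest_class.hexdigest(w)] = w }
end

# Unsalted hash, as in the quoted `require 'digest/md5'` usage.
def plain_md5(password)
  Digest::MD5.hexdigest(password)
end

# Salted hash. Prefixing the salt is an assumed layout, not the OP's.
def salted_md5(salt, password)
  Digest::MD5.hexdigest(salt + password)
end

# The HMAC construction suggested in the reply, keyed with the salt.
def hmac_md5(salt, password)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('MD5'), salt, password)
end

# Returns the recovered word, or nil when the stored value is not in the table.
def lookup(table, stored)
  table[stored]
end

def demo
  salt = SecureRandom.hex(16) # random, 128 bits, stored beside the hash
  md5_table = build_table(Digest::MD5)
  {
    md5_unsalted:  lookup(md5_table, plain_md5('letmein')),
    sha1_unsalted: lookup(build_table(Digest::SHA1), Digest::SHA1.hexdigest('letmein')),
    md5_salted:    lookup(md5_table, salted_md5(salt, 'letmein')),
    md5_hmac:      lookup(md5_table, hmac_md5(salt, 'letmein'))
  }
end

p demo if __FILE__ == $PROGRAM_NAME
```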