"MD5 considered harmful today"... but why?

If you've been following net.news in the past twenty-four to forty-eight hours, you've heard about what went down at the Chaos Computer Congress yesterday - a group of security researchers figured out how to exploit the flaws in the MD5 hash algorithm to forge CA certificates, thus placing SSL encryption as we know it in jeopardy.

...right? Breaking SSL is bad, yeah?

Like many things in life (and nearly everything in cryptography) it's not that simple or that straightforward. Yes, this is bad, but it's not "go back to punchcards" bad.

Let's take it step by step. First of all …


Signature Generator v1.1

This utility was designed to convert information about someone or something into a form better suited for magickal operations. It's written in Perl and outputs an MD5 message digest suitable for use in sigils, mantras, chanting, or what have you. Documentation is built in and displayed with the command signature_generator-1.1.pl --help.

The utility requires the Perl module Digest::MD5, which is included with most any copy of Perl these days.