ChatGPT discussion: In non-security applications, is MD5 preferable? (opens in new tab)

(chatgpt.com)

5 pointsrowbin5mo ago4 comments

4 comments

Reads like Chatty was a bit annoyed at you. And it remains the expert, not you!

You kind of have to push LLMs to self-evaluate for good answers, although I am not sure what I would take from this on a technical level. I would use MD5 for non-security applications, I even think you could use it in a security context if you really know how collisions can be created and if that would interfere with your application of it. Better advice is to not do that of course.

Although thinking about it. What are non-security applications of hashes? Database indexing comes to mind, where a collision avoidance is the opposite you want. So what remains? For file integrity I would use SHA-2 something, but I don't see how MD5 would perform worse. Are there more obvious applications?

Perhaps the initial answer isn't really technically correct, but I wouldn't say it is bad advice.

rowbinOP5mo ago

Interesting, I'd love to see some more opinions on this. I find the instant "MD5 is broken, don't use it advice" harmful. Not all applications are security related or need absolute highest speed. I actually had use cases in multiple hobby projects, but of course that doesn't there are many.

For example in a distributed event based LAN chat, I used MD5 for an "integrity chain". Every new event id is the hash of the old event id + some random bytes. This way you can easily find the last matching event two systems have in common. Just a random id isn't enough, when two instances integrate an event from a third system, while one of the two added a new event just before that.

No security needed, speed doesn't matter much, it is not designed for high throughput. MD5 seems like a very good choice, because it's easy to work with and can be verified on every system.

raxxorraxor5mo ago

As far as I know and that information is probably way out of date, such an integrity chain on MD5 could be compromised as someone would be able to switch out some important bytes (switch the byte with a toggle on "I do NOT want to buy this very expensive washing machine") while keeping the hash value intact. So using MD5 as a signature check on documents like invoices going through unsafe channels is not safe.

But this is a security case that requires a hostile actor. If the problem is just checking for data integrity or in this case data identity without there being a danger for manipulation, MD5 should perform fine. I don't see a problem with your use case. I am no expert here and there are probably more optimal hashes, but MD5 has the advantage of being widely implemented in all kinds of systems.

Because understanding the intrinsic weakness of hashes isn't trivial, many just recommend "MD5 is broken, don't use it". I think this is just to be on the safe side. Many applications would probably be fine, but because to err on the side of caution is safer, people sometimes say that MD5 is the worst hash function ever conceived.

1 more reply

j / k navigate · click thread line to collapse

4 comments

raxxorraxor5mo ago

Reads like Chatty was a bit annoyed at you. And it remains the expert, not you!

Perhaps the initial answer isn't really technically correct, but I wouldn't say it is bad advice.

rowbinOP5mo ago

No security needed, speed doesn't matter much, it is not designed for high throughput. MD5 seems like a very good choice, because it's easy to work with and can be verified on every system.

raxxorraxor5mo ago

1 more reply

j / k navigate · click thread line to collapse