by robertlagrant 902 days ago
> Yes, they say, MD5 is broken for encryption, but since they’re not doing encryption, it’s fine for them to use it.

Unless I missed it, this article seems to not refute the most fundamental point: MD5 was never broken for encryption. Hashing is not encryption.


While hashing is not encryption, any secure hashing function can be used for encryption, even when used as a black box (by making an unpredictable PRNG with it).

Moreover, MD5, SHA-1 and SHA-2 contain a block cipher function used in the Davies-Meyer mode of operation.

The internal block cipher function can be extracted and used in any other mode of operation possible for block cipher functions.

Because of these possibilities, many older laws that have existed in various places, prohibiting the inclusion of encryption in software products, but allowing secure hashing functions, have been completely misguided.
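As an added illustration of the black-box construction mentioned above (this is example code, not from the thread's author): a hash driven in counter mode acts as a deterministic PRNG whose output is XORed with the plaintext, and the same helper shows why the nonce must never repeat under one key. The key and nonce values are constructed for the demo, and SHA-256 is assumed to behave as a random oracle.

```python
import hashlib
import struct


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Derive `length` bytes of keystream by hashing key||nonce||counter.

    The hash is used purely as a black box: each counter value yields one
    unpredictable 32-byte block (assumes SHA-256 is indistinguishable from
    a random function when the key is secret).
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = key + nonce + struct.pack(">Q", counter)
        out += hashlib.sha256(block).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    # Stream-cipher style: ciphertext = plaintext XOR keystream.
    return xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))


def decrypt(key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    # XOR with the identical keystream undoes the encryption.
    return xor_bytes(ciphertext, keystream(key, nonce, len(ciphertext)))


def nonce_reuse_leaks(key: bytes, nonce: bytes, p1: bytes, p2: bytes) -> bool:
    """Reusing (key, nonce) cancels the keystream: c1 XOR c2 == p1 XOR p2.

    Returns True when that relation holds, i.e. when plaintext structure is
    exposed, which is why each message needs a fresh nonce.
    """
    c1 = encrypt(key, nonce, p1)
    c2 = encrypt(key, nonce, p2)
    n = min(len(p1), len(p2))
    return xor_bytes(c1[:n], c2[:n]) == xor_bytes(p1[:n], p2[:n])


# Constructed demo values; a real key must come from a CSPRNG.
DEMO_KEY = hashlib.sha256(b"constructed demo key").digest()
DEMO_NONCE = b"\x00" * 16
```

This provides confidentiality only; a deployed scheme would also authenticate the ciphertext (e.g. with an HMAC) so a tampered message is rejected.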

It's broken for hashing too.

The point is that MD5 is no good if there's any way an adversary might want to subvert it. It's fine if you just want to use it for hashing your own documents, but as soon as there's an incentive for someone to substitute one document for another, MD5 is problematic.

That's certainly the case for encryption, but it's also the case for these legal document records.

I don't disagree, but I think my point still stands.