Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> I'm concerned about people like me who use noscript selectively. How easy is it to create a malicious file that matches the checksum of a known file?

SHA-256? Very, very, very, very hard. I don't believe there are any known attacks for collisions for SHA-256.



I think even a collision (any collision) has yet to found.


People make too big a deal of this collision stuff, a lot of times these are very theoretical would require tremendous computation. Anyway, for this use case, even md5, how likely really to make a useful malicious that file collides with a particular known and widely used one? I dunno seems pretty unlikely.


And if you worry about that you can always use 384. Plus a side benefit is that 384 is faster on a 64-bit processor.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: