If so, are you going to switch it over to a different library? Something other than SHA-1 that hasn't been even potentially 'defeated" yet? Pete

Pete, See your other thread, ProcessGuard uses MD5 and is still fine for doing executables as far as I am aware. :)

Pilli

Hi,

Since the Crypto 2004 Conference, many possible collisions have been announced (MD5, SHA):

http://www.cryptography.com/cnews/hash.html

The answer of RSA Labs: http://www.rsasecurity.com/rsalabs/node.asp?id=2738

I've reported the MD5 vulnerability: http://www.wilderssecurity.com/showthread.php?p=349798

Now it seems to be the case for SHA-1 (even if the proof of concept has not been published).

But these vulnerabilities does not mean critical security issue for product using MD5 or SHA-1 algorithms.

Cracking an MD5 password could take several hours.
Let's imagine for SHA-1...

There's surely some worms which could bypass the integrity control of some NIDS/IDS for instance.

We could increase our defense by using integrity checkers with SHA-1 algoritm or SHA-5 or not.

In any case, it will be more difficult to bypass the integrity control than a simple password.

Therefore, i really don't think that i have to worry about a malware which could bypass the integrity protection of my system (Windows, PG or my others softs).
But we never know..."as far as i am aware".. ;) .
(................................................................................................)

Regards