If so, are you going to switch it over to a different library? Something other than SHA-1 that hasn't been even potentially 'defeated" yet? Pete
Pete, See your other thread, ProcessGuard uses MD5 and is still fine for doing executables as far as I am aware. Pilli
Hi, Since the Crypto 2004 Conference, many possible collisions have been announced (MD5, SHA): http://www.cryptography.com/cnews/hash.html The answer of RSA Labs: http://www.rsasecurity.com/rsalabs/node.asp?id=2738 I've reported the MD5 vulnerability: https://www.wilderssecurity.com/showthread.php?p=349798 Now it seems to be the case for SHA-1 (even if the proof of concept has not been published). But these vulnerabilities does not mean critical security issue for product using MD5 or SHA-1 algorithms. Cracking an MD5 password could take several hours. Let's imagine for SHA-1... There's surely some worms which could bypass the integrity control of some NIDS/IDS for instance. We could increase our defense by using integrity checkers with SHA-1 algoritm or SHA-5 or not. In any case, it will be more difficult to bypass the integrity control than a simple password. Therefore, i really don't think that i have to worry about a malware which could bypass the integrity protection of my system (Windows, PG or my others softs). But we never know..."as far as i am aware".. . (................................................................................................) Regards