MD5 is still used to produce file hashes in the DSA mails, for users to
verify the integrity against errors and malicious intent. the use of PGP
signing further suggests the intent to protect against malicious intent.
MD5 should not be used for this purpose. MD5 collisions can be produced
by individuals on meaningful files.
demonstration: X.509 certificates from 2 different owners with the same
MD5 should be abandoned immediately in favor of a new hash.
2 possible candidates:
- SHA-1: the present day de-facto standard hash. no collisions have been
found or published yet. it is currently broken to the extent that a
collision can be produced with complexity 2^69. it is suggested that one
can produce collisions in 56 hour per collision, with custom hardware
worth USD 38 million.
http://www.schneier.com/blog/archives/2005/02/sha1_broken.html recommendation is to not use it in new systems if possible.
- SHA-256: newer, bigger, hash function, not yet broken, should provide
security for a very long time to come