josefnpat / vapor

Vapor - LÖVE Distribution Client
zlib License

Using MD5 sum instead of SHA1 #193

Closed pablomayobre closed 9 years ago

pablomayobre commented 9 years ago

MD5 is way faster than SHA, plus it is globally supported and everyone uses MD5 as a file checksum.

PS: We have been working on MD5.lua with @kikito and it is great and ultra fast

Bobbyjoness commented 9 years ago

Have any benchmarks of the current implementation versus that one to prove your claims?

pablomayobre commented 9 years ago

Nope, I can provide some but there is no reason really, MD5.lua uses BitOps lib, while SHA1 uses a pure Lua implementation of bit operations... That tells you everything haha

pablomayobre commented 9 years ago

I'll try to make SHA1 use BitOps, but it won't get much faster than MD5 (probably will be slower) since the implementation is rather complex

josefnpat commented 9 years ago

Believe it or not, I was considering sha256 or sha512. The biggest issue with using md5 is that creating collisions is actually easy. While it might be hard to match the size of the data, if a client does not check hash and size, a user could pad data until it collided with the desired data.

sha1 is starting to get into that collision issue :cry:

Due to LuaJIT's fantastic speed, processing SHA* values is much faster than it was with pure lua (no bitops). If you can provide metrics to show that the average data size (e.g. from the current catalog) would take an unbearable time (compare the download size) to process, then we can talk further on this issue.

If you feel strongly about the issue, you are more than welcome to re-open the ticket.
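Added example, not part of the thread and not Vapor's code: a client-side download check that verifies both the size and a SHA-256 digest, the two checks the comment above says a client needs. It is written in Python rather than Lua so it runs with only the standard library; the catalog entry layout, the `verify_download` name, and the sample data are assumptions.

```python
import hashlib
import hmac
import io

# Assumption: digests this client accepts; MD5 and SHA-1 are left out on purpose.
ALLOWED = {"sha256", "sha512"}

def verify_download(stream, entry, chunk_size=65536):
    """Return (ok, reason) for a downloaded file against its catalog entry.

    entry is a hypothetical record: {"size": int, "algo": str, "hash": hex str}.
    """
    algo = entry["algo"].lower()
    if algo not in ALLOWED:
        return False, "algorithm not allowed: " + algo
    digest = hashlib.new(algo)
    seen = 0
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        seen += len(chunk)
        # Stop early on padded or oversized data instead of hashing all of it.
        if seen > entry["size"]:
            return False, "size mismatch: larger than expected"
        digest.update(chunk)
    if seen != entry["size"]:
        return False, "size mismatch: got %d bytes" % seen
    # Constant-time comparison of the hex digests.
    if not hmac.compare_digest(digest.hexdigest(), entry["hash"].lower()):
        return False, "hash mismatch"
    return True, "ok"

# Constructed sample data, not taken from Vapor's catalog.
GAME = b"constructed game archive bytes" * 100
ENTRY = {"size": len(GAME), "algo": "sha256",
         "hash": hashlib.sha256(GAME).hexdigest()}

if __name__ == "__main__":
    print(verify_download(io.BytesIO(GAME), ENTRY))
    print(verify_download(io.BytesIO(GAME + b"\x00" * 16), ENTRY))
```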

pablomayobre commented 9 years ago

Well, for 1.X what algorithm would you like? I can maybe optimize it

Bobbyjoness commented 9 years ago

I personally think the webs have already fully optimized implementations for us to use.

josefnpat commented 9 years ago

@Positive07 I will make a new ticket for that then.

pablomayobre commented 9 years ago

For lua? Not really, I have tested a few and they were

a- Slow
b- Horrible
c- Broken