Older hashing functions
We began this book by promising that we wouldn't be covering older cryptographic functions, so it seems appropriate to break that promise as early as the third chapter.
We are not apologizing for our "misdeed" because many hashing functions are broken and yet are still too widely used and talked about, so it is worth taking a quick look at what's wrong with them and why they should be avoided.
Among the hashing functions that you should not use, we need to highlight the following:
- MD5 and SHA-1 are considered precursors to SHA-2. Researchers have found vulnerabilities in them that allow attackers to generate collisions in minutes (more on that shortly), so these algorithms are considered effectively broken.
- PBKDF2 is an older key derivation function that was used for password hashing too. While not broken, it is no longer recommended as a key derivation function.
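One way to find the functions listed above in an existing code base, as an added example that is not code from the book: the check fails on MD5 and SHA-1 and only warns on PBKDF2, mirroring the list's distinction between broken and no longer recommended. It assumes the reviewed code calls Node.js's built-in crypto module (createHash, pbkdf2, pbkdf2Sync); RULES, scanSource, gate and SAMPLE are hypothetical names.

```javascript
// Added example: audit source text for the hashing functions this section warns about.
// Assumption: the code under review uses Node.js's built-in crypto module.
const RULES = [
  // MD5 and SHA-1: effectively broken (collisions), so they fail the check.
  { id: 'md5', severity: 'broken', re: /createHash\(\s*['"]md5['"]/i },
  { id: 'sha1', severity: 'broken', re: /createHash\(\s*['"]sha-?1['"]/i },
  // PBKDF2: not broken, but no longer recommended, so it is only a warning.
  { id: 'pbkdf2', severity: 'discouraged', re: /\bpbkdf2(Sync)?\s*\(/ },
];

// Returns one finding per (line, rule) match; comment-only lines are ignored.
function scanSource(source) {
  const findings = [];
  source.split(/\r?\n/).forEach((text, i) => {
    if (/^\s*(\/\/|\/\*|\*)/.test(text)) return;
    for (const rule of RULES) {
      if (rule.re.test(text)) {
        findings.push({ line: i + 1, id: rule.id, severity: rule.severity, text: text.trim() });
      }
    }
  });
  return findings;
}

// Policy: any broken algorithm fails the check; discouraged ones are reported.
function gate(findings) {
  const broken = findings.filter((f) => f.severity === 'broken');
  const discouraged = findings.filter((f) => f.severity === 'discouraged');
  return { fail: broken.length > 0, broken, discouraged };
}

// Constructed sample input (not taken from any real project).
const SAMPLE = [
  "const crypto = require('crypto');",
  "const a = crypto.createHash('md5').update(data).digest('hex');",
  'const b = crypto.createHash( "SHA1" ).update(data).digest("hex");',
  "const c = crypto.createHash('sha256').update(data).digest('hex');",
  "// legacy: crypto.createHash('md5') was used here before",
  "const k = crypto.pbkdf2Sync(password, salt, 100000, 32, 'sha256');",
].join('\n');

const result = gate(scanSource(SAMPLE));
for (const f of [...result.broken, ...result.discouraged]) {
  console.log(`${f.severity.toUpperCase()} line ${f.line} (${f.id}): ${f.text}`);
}
console.log(result.fail ? 'check failed' : 'check passed');
```

The patterns match direct calls only; an algorithm name passed through a variable or configuration value needs a manual review.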
At a high...