top | item 28219779

(no title)

wisienkas | 4 years ago

Not knowing too much of the NeuralHash model, but why are they using MD5 hash, they are known to have many collisions. We don't use MD5 for private/public keys for the same reason

discuss

enedil|4 years ago

We don't use md5 for private/public keys because md5 is a hashing algorithm, unrelated completely to encryption. Also, what are your reasons to believe that md5 has been used there?

Grollicus|4 years ago

Hashes are generally a part of the signature generation used with certificates. See for example "What role do hashes play in TLS/SSL certificate validation?" -> https://security.stackexchange.com/questions/67512/what-role...

In certificates, md5 - and sha1 - was used quite some time after it was known to be weak, I suspect OP was thinking of that.

This article seems to give a good summary what happened with sha1, mentions md5 in passing and links the related chromium issue: https://konklone.com/post/why-google-is-hurrying-the-web-to-...

Retr0id|4 years ago

What makes you think they're using MD5 anywhere?

Even if they were, it wouldn't matter, because NeuralHash is non-cryptographic by design.

wisienkas|4 years ago

I looked at the link and looked at the output from the algorithm for the 2 images which was a MD5 hash. so from that :)