Version 13 of md5

Documentation can be found at http://tcllib.sourceforge.net/doc/md5.html

Anyone with some tips for the novice as to common uses for md5 and sha1?

DL - Here are some common uses for md5:

When distributing software, an md5 hash is computed and advertised alongside the published software. When the software is fetched, the user may recompute the md5 hash and compare it to the public md5 hash to have confidence that the downloaded distribution is indeed the one that was originally published.
The POP protocol can (as an option) avoid sending a plaintext password and instead send a hash of the password and the date. This protects the plaintext password from capture while still ensuring a high-level of authentication. You can see how this is coded in applications such as tkbiff.

md5 is older and more commonly used than sha1 but sha1 is considered more secure. However, for most purposes, md5 is good enough.

PT - SHA and MD5 are both enhanced digests based upon the MD4 algorithm. Although MD4 has not been broken - attacks have been demonstrated against the first two rounds and separately against the final round. The publication of these cryptanalytical attacks lead to a strengthend algorithm - MD5. See the sha1 page for details of how that has been sthrengthened. For MD5, the enahancements involve adding another round, adding a unique constant into each step, changing the round 2 function G to be less symmetrical. Each step now also includes the result of the previous step to speed up the avalanche effect. See [BOOK: Applied Cryptography pp 436].

Fast alternatives include mhtcl and ...

The tcllib implementation provides a Tcl only MD5 but it will defer to the md5 from the Trf package if that is available.

Salvatore Sanfilippo: A pure TCL implementation is at http://expect.nist.gov/md5pure/

Category Package, subset Tcllib, Category Cryptography