https://duckduckgo.com/?t=palemoon&q=md5+broken &
https://duckduckgo.com/?q=sha1+broken&t=palemoon
The whole way to generate the MD5 & SHA1 checksum is broken and can be spoofed.
That's why we need to use stronger ones, like SHA2 and SHA3.
MERGED POST
SHA1:
https://www.schneier.com/blog/archives/ ... roken.html,
https://www.quora.com/In-cryptography-w ... ms?share=1 and a lot more.
Or as TL;DR: On February 23, 2017 CWI Amsterdam and Google announced they had performed a collision attack against SHA-1,[14][15] publishing two dissimilar PDF files which produce the same SHA-1 hash as proof of concept.
And MD5 is even worse:
The security of the MD5 has been severely compromised, with its weaknesses having been exploited in the field, most infamously by the Flame malware in 2012. The CMU Software Engineering Institute considers MD5 essentially "cryptographically broken and unsuitable for further use".[4] Despite this known vulnerability, MD5 remains in use.
A 2013 attack by Xie Tao, Fanbao Liu, and Dengguo Feng breaks MD5 collision resistance in 2^18 time. This attack runs in less than a second on a regular computer.[2]
MD5 is prone to length extension attacks.
Is that enough? I don't understand why you don't know that nor just use stronger checksums.
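
Added example, not part of the original post: a download verifier that accepts only SHA-2/SHA-3 checksum lines and refuses MD5 and SHA-1 ones outright. It assumes BSD-style tagged lines (`ALGO (file) = hex`, as `sha256sum --tag` writes them); the `SHA3-*` tag spellings, the function names and the sample data are assumptions made for the example.

```python
import hashlib
import hmac
import re

# Checksum-file tag -> hashlib name. Only SHA-2 and SHA-3 are accepted.
# The SHA3-* tag spellings are an assumption of this example.
ALLOWED = {"SHA256": "sha256", "SHA384": "sha384", "SHA512": "sha512",
           "SHA3-256": "sha3_256", "SHA3-512": "sha3_512"}
REJECTED = {"MD5", "SHA1"}  # practical collisions exist, refused outright

TAGGED = re.compile(r"^([A-Za-z0-9-]+) \((.+)\) = ([0-9a-fA-F]+)$")


class WeakChecksumError(ValueError):
    """The checksum line names an algorithm with known collisions."""


def parse_tagged_line(line):
    """Return (hashlib_name, filename, hex_digest) for one tagged line."""
    m = TAGGED.match(line.strip())
    if not m:
        raise ValueError("not a tagged checksum line")
    tag, name, digest = m.group(1).upper(), m.group(2), m.group(3).lower()
    if tag in REJECTED:
        raise WeakChecksumError(f"{tag} checksum refused for {name}")
    if tag not in ALLOWED:
        raise ValueError(f"unknown algorithm tag {tag}")
    algo = ALLOWED[tag]
    # A truncated or padded digest must never be compared at all.
    if len(digest) != hashlib.new(algo).digest_size * 2:
        raise ValueError("digest length does not match algorithm")
    return algo, name, digest


def verify(data, line):
    """True only if data matches the SHA-2/SHA-3 digest on the line."""
    algo, _name, expected = parse_tagged_line(line)
    actual = hashlib.new(algo, data).hexdigest()
    return hmac.compare_digest(actual, expected)


# Constructed sample: a made-up release file and its checksum lines.
SAMPLE = b"constructed release contents\n"
GOOD = f"SHA256 (release.tar.gz) = {hashlib.sha256(SAMPLE).hexdigest()}"
GOOD3 = f"SHA3-256 (release.tar.gz) = {hashlib.sha3_256(SAMPLE).hexdigest()}"
OLD = "MD5 (release.tar.gz) = d41d8cd98f00b204e9800998ecf8427e"  # constructed
```

A checksum line only proves integrity if the line itself came from a trusted source, such as a signed checksum file.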