RFR: 8251216: Implement MD5 intrinsics on AArch64
Andrew Haley
aph at openjdk.java.net
Wed Dec 1 17:01:20 UTC 2021
On Wed, 1 Dec 2021 15:24:40 GMT, Ludovic Henry <luhenry at openjdk.org> wrote:
> > MD5 has been proven insecure, and its weaknesses have been exploited in the field. It is disabled in many systems. I am surprised that we are thinking of accelerating it for possible future use, and that we're adding a worse-then-useless crypto algorithm to the AArch64 startup.
>
> I wholeheartedly agree with your take. Unfortunately, it's still used on many systems, like for verifying the integrity of downloads ([Azure Blob Storage](https://docs.microsoft.com/en-us/dotnet/api/microsoft.azure.storage.blob.blobproperties.contentmd5?view=azure-dotnet-legacy) for example).
Ha! ��
OK. This seems like a really weird time to be adding MD5 support, almost four years after MD5 was disabled for jarfile signing, and 15 years after the first practical break. But I guess it's harmless enough, even though I hate having to carry such baggage around.
-------------
PR: https://git.openjdk.java.net/jdk/pull/6628
More information about the hotspot-compiler-dev
mailing list