#7634: MD5 collision could lead to SafeHaskell violation -------------------------------------+------------------------------------- Reporter: shachaf | Owner: ekmett Type: bug | Status: new Priority: normal | Milestone: ⊥ Component: Core Libraries | Version: 7.6.1 Resolution: | Keywords: Operating System: Unknown/Multiple | Architecture: Type of failure: Other | Unknown/Multiple Blocked By: | Test Case: Related Tickets: | Blocking: | Differential Revisions: -------------------------------------+------------------------------------- Comment (by bananu7): A quick investigation shows that there are two parts of the problem: * `Fingerprint` is made of two `Word64`s; would need to change to four, and all the functions that manipulate on it to take four parts into account; that's an easy part * MD5 implementation used internally for hashing is written in C. I suppose the SHA-256 implementation that's necessary for the patch ''could'' be taken from `cryptohash` library, which seems pretty mature already. It would need to be integrated as a C source similarly to MD5; It's probably not feasible to drag the whole library as a GHC dependency; maybe I'm wrong here. Then the functions that have to be altered are `fingerprintData` and `fingerprintString`, the latter needing just to take the larger size of the fingerprint into the account, and the former actually being changed to use the SHA-256 context and hashing function. -- Ticket URL: http://ghc.haskell.org/trac/ghc/ticket/7634#comment:8 GHC http://www.haskell.org/ghc/ The Glasgow Haskell Compiler