The next version of ZipGenius will focus on document security, so we had to refresh the set of file hashing algorithms we were using.
MD5 and SHA-1 will still be used as a reference, only because they are widely used across the Web, but they are already fated to die.
In fact, MD5 was cracked a long time ago by creating “collisions” with a common desktop computer. A collision is the generation of a fake hash for a file that is perfectly identical to the hash of a totally different file. When this happens, the algorithm can no longer be considered secure because it doesn’t guarantee the authenticity and integrity of a file.
The same applies to SHA-1 (and SHA-256), even though only in a theoretical way, because collisions were found during several studies but have not yet been proven in the field.
The only solution is to find a better algorithm. This is a job for NIST, the U.S. body that studies cryptography and technology, which periodically runs a competition to find the best algorithm, which then becomes a standard. In 2012 the Keccak algorithm was designated as the best one, and in August 2015 it became an official standard for file hashing.
One of the Keccak (SHA-3) developers is Guido Bertoni of STMicroelectronics, an Italian engineer with vast experience in cryptanalysis who has already co-developed other major cryptographic algorithms.
ZipGenius will adopt SHA-3 (and not only that: also Tiger, Whirlpool and others) to generate the hashes of the currently open archive. The application will also be able to export those values to an HTML table that can be uploaded to a Web site to offer a reference for checking the authenticity and integrity of an archive being downloaded.
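The workflow described above (hash the archive, publish the values as an HTML table, check a download against them) can be sketched in Python. This is an added example, not ZipGenius code: the function names and the sample file are assumptions, and Tiger and Whirlpool are left out because Python's `hashlib` does not guarantee them.

```python
import hashlib
import hmac
import html
import os
import tempfile

# MD5 and SHA-1 appear only as legacy reference values; rely on the SHA-3 rows.
ALGORITHMS = ("md5", "sha1", "sha3_256", "sha3_512")

def hash_file(path, algorithms=ALGORITHMS, chunk_size=1 << 16):
    """Read the file once, feeding every digest from the same chunks."""
    digests = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for digest in digests.values():
                digest.update(chunk)
    return {name: digest.hexdigest() for name, digest in digests.items()}

def to_html_table(filename, hashes):
    """Render the digests as an HTML table; the file name is untrusted, so escape it."""
    rows = "\n".join(
        f"  <tr><td>{html.escape(name)}</td><td><code>{html.escape(value)}</code></td></tr>"
        for name, value in hashes.items())
    return (f"<table>\n  <caption>{html.escape(filename)}</caption>\n"
            f"  <tr><th>Algorithm</th><th>Hash</th></tr>\n{rows}\n</table>")

def verify_download(path, published, algorithm="sha3_256"):
    """Recompute the hash of a downloaded file and compare it to the published value."""
    actual = hash_file(path, (algorithm,))[algorithm]
    expected = published.strip().lower()  # tolerate copy/paste whitespace and upper case
    return hmac.compare_digest(actual.encode(), expected.encode())

def demo():
    """Constructed sample: hash a small file, publish, verify, then modify and re-verify."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "sample.zip")
        with open(path, "wb") as fh:
            fh.write(b"constructed sample archive bytes")
        hashes = hash_file(path)
        table = to_html_table("sample.zip", hashes)
        ok = verify_download(path, hashes["sha3_256"])
        with open(path, "ab") as fh:  # simulate a corrupted or altered download
            fh.write(b"!")
        tampered_ok = verify_download(path, hashes["sha3_256"])
    return hashes, table, ok, tampered_ok

if __name__ == "__main__":
    hashes, table, ok, tampered_ok = demo()
    print(table)
    print("original verifies:", ok, "| modified verifies:", tampered_ok)
```

A published table only helps if it is fetched over a channel the person downloading trusts more than the download itself, for example an HTTPS page on a different host than the mirror serving the archive.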