The SF Chronicle talked to me last week about a forensic tool that uses MD5 to ensure its evidence has not been tampered with after collection.
Cellebrite’s Ofrat said that despite the theoretical possibility of hacks to MD5, the likelihood is low. “You’d have to have the best hacker in the world,” he said. But his firm is studying SHA-256 and will move to that if it becomes an industry standard, he said.
I appreciate his humble acknowledgement that anyone who can run a software tool is now “the best hacker in the world”. But perhaps they should move to more secure hash functions like SHA-256 anyway. After all, other forensic software has moved to SHA-256 since at least 2003 after the US government (NIST) standardized on it in 2002. Is that standard enough for Cellebrite?