So if China will only get a mindbogglingly non-trivial list of gates and not the source code, how will they check for backdoors?
13 publicly visible posts • joined 17 Apr 2013
Don't hold your breath. Yes, nobody in their right mind will sign up with them now (or prolong a contract), but they still have a massive amount of hard to escape government and corporate contracts left that will expire one by one, and they still have 170000 (increasingly bad) staff left to cut. It will be a slow burn with plenty of drama and at the Register we have front row seats.
Obviously using MD5 for security purposes in a new application isn't a great idea, but it's still a commonly used hash, especially for legacy purposes. Completely removing it will just lead to people using crappy 3rd party implementations, which would be worse for security in the end.