[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Keyed-MD5, ITAR, and HTTP-NG

To: Simon Spero <[email protected]>, [email protected]
Subject: Re: Keyed-MD5, ITAR, and HTTP-NG
From: [email protected]
Date: Mon, 30 Oct 95 18:51:59 -0500
Cc: [email protected]
In-Reply-To: Your message of "Mon, 30 Oct 95 10:12:45 PST." <Pine.SOL.3.91.951030101221.319D-100000@chivalry>
Sender: [email protected]


Simon,

	Do not spec Keyed MD5, it is a complete looser. It is actually weak
against a number of attacks. There are much better constructs for creating
a keyed digest. There are much better ways of creating a digest than using
a hash fuinction as the base.

	There is some work by Phil Rogaway on making keyed digest functions
which I strongly recommend people look at. I can post a paper on the subject if 
people are interested.

		Phill

Follow-Ups:
- Re: Keyed-MD5, ITAR, and HTTP-NG
  - From: Simon Spero <[email protected]>
- Re: Keyed-MD5, ITAR, and HTTP-NG
  - From: michael shiplett <[email protected]>
- Re: Keyed-MD5, ITAR, and HTTP-NG
  - From: "Perry E. Metzger" <[email protected]>

References:
- Keyed-MD5, ITAR, and HTTP-NG
  - From: Simon Spero <[email protected]>

Prev by Date: "Dr." Fred
Next by Date: Re: S. 1284 To Amend (C) Act
Prev by thread: Re: Keyed-MD5, ITAR, and HTTP-NG
Next by thread: Re: Keyed-MD5, ITAR, and HTTP-NG
Index(es):
- Date
- Thread