[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Keyed-MD5, ITAR, and HTTP-NG

To: [email protected]
Subject: Re: Keyed-MD5, ITAR, and HTTP-NG
From: "Perry E. Metzger" <[email protected]>
Date: Tue, 31 Oct 1995 18:31:14 -0500
Cc: Simon Spero <[email protected]>, [email protected]
In-Reply-To: Your message of "Mon, 30 Oct 1995 18:51:59 EST." <[email protected]>
Reply-To: [email protected]
Sender: [email protected]

[email protected] writes:
> 	Do not spec Keyed MD5, it is a complete looser. It is actually weak
> against a number of attacks. There are much better constructs for creating
> a keyed digest. There are much better ways of creating a digest than using
> a hash fuinction as the base.

What??? 

A keyed version of MD5 is the base authentication mechanism in IPSP
and it has been heavily examined by a number of very good
cryptographers.

Perry

Follow-Ups:
- Re: Keyed-MD5, ITAR, and HTTP-NG
  - From: [email protected]

References:
- Re: Keyed-MD5, ITAR, and HTTP-NG
  - From: [email protected]

Prev by Date: Nautullus Voice Encryption
Next by Date: Re: Keyed-MD5, ITAR, and HTTP-NG
Prev by thread: Re: Keyed-MD5, ITAR, and HTTP-NG
Next by thread: Re: Keyed-MD5, ITAR, and HTTP-NG
Index(es):
- Date
- Thread