[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Keyed-MD5, ITAR, and HTTP-NG

To: [email protected]
Subject: Re: Keyed-MD5, ITAR, and HTTP-NG
From: John Lull <[email protected]>
Date: Tue, 31 Oct 1995 22:30:21 GMT
Cc: [email protected]
Organization: Windsmith
References: <[email protected]>
Sender: [email protected]

On Tue, 31 Oct 1995 13:55:34 -0500, you wrote:

> MD5 is pretty well entrenched in IETF circles

Agreed, but that doesn't make it appropriate here.

> and since RSAREF only
> provides Md2, MD4 and MD5 there has to be an option to use at least 
> one of them.

Why?  Is there some REAL requirement that HTTP-NG be implementable
using only RSAREF for crypto?

> MD5 is the best of that set IMHO.

No argument -- but it's still too short for most hash applications.
I'd much rather see hashes that everyone agrees are more than long
enough for the forseeable future  -- and I don't think you'll find
that consensus for MD5.

Of course, whether a particular hash is as secure as it can be for a
given length is a separate question.

  <references snipped>

Thanks for the pointers.

References:
- Re: Keyed-MD5, ITAR, and HTTP-NG
  - From: [email protected]

Prev by Date: Re: /dev/random for FreeBSD [was: Re: /dev/random for Linux]
Next by Date: Re: Need Mail-to-News gates
Prev by thread: Re: Keyed-MD5, ITAR, and HTTP-NG
Next by thread: Re: Keyed-MD5, ITAR, and HTTP-NG
Index(es):
- Date
- Thread