[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Keyed-MD5, ITAR, and HTTP-NG
On Tue, 31 Oct 1995 13:55:34 -0500, you wrote:
> MD5 is pretty well entrenched in IETF circles
Agreed, but that doesn't make it appropriate here.
> and since RSAREF only
> provides Md2, MD4 and MD5 there has to be an option to use at least
> one of them.
Why? Is there some REAL requirement that HTTP-NG be implementable
using only RSAREF for crypto?
> MD5 is the best of that set IMHO.
No argument -- but it's still too short for most hash applications.
I'd much rather see hashes that everyone agrees are more than long
enough for the forseeable future -- and I don't think you'll find
that consensus for MD5.
Of course, whether a particular hash is as secure as it can be for a
given length is a separate question.
Thanks for the pointers.