From: hallam@w3.org
Date: Wed, 1 Nov 1995 04:16:56 +0800
To: John Lull <lull@acm.org>
Subject: Re: Keyed-MD5, ITAR, and HTTP-NG
In-Reply-To: <199510311650.IAA09144@ix2.ix.netcom.com>
Message-ID: <9510311855.AA00379@zorch.w3.org>
MIME-Version: 1.0
Content-Type: text/plain



>I would prefer to see MD5 deleted.  A 128 bit hash simply seems too
>marginal in length for long term use in most hash applications.  I
>would much rather see something like Haval as a second hash algorithm.
>It can be faster than MD5, and can easily be tailored to the hash
>width you want.  If 128 bit hashes are really needed, use Haval's
>128-bit option.

MD5 is pretty well entrenched in IETF circles and since RSAREF only
provides Md2, MD4 and MD5 there has to be an option to use at least 
one of them. MD5 is the best of that set IMHO.

For Phil Rogaway's comments on keyed MD5 see :-

http://wwwcsif.cs.ucdavis.edu/~rogaway/papers/draft-rogaway-ipsec-comments-00.tx
t

Unfortch much of the information he gave in his talk appears not to be there. 
C'est la vie as they say in Canada.

Also the cryptobytes article Miclael found an online for is well worth 
a look. http://www.rsa.com/rsalabs/cryptobytes/spring95/md5.htm
I would have quoted it but I didn't know it was avaliable in e-form. The
cryptobytes articles are well worth reading in general.

Also on Phil's page:
http://wwwcsif.cs.ucdavis.edu/~rogaway/papers/list.html

 Mihir Bellare, Roch Guerin and Phillip Rogaway
     XOR MACs: New methods for message authentication using finite pseudorandom 
functions,
     Crypto '95. 


	Phill