From: hallam@w3.org
To: John Lull <lull@acm.org>
Message Hash: 02fd50816d84dae0f5894635d89dedb5d680441b350d8fe1d0b59bf47274c1be
Message ID: <9510311855.AA00379@zorch.w3.org>
Reply To: <199510311650.IAA09144@ix2.ix.netcom.com>
UTC Datetime: 1995-10-31 20:16:56 UTC
Raw Date: Wed, 1 Nov 1995 04:16:56 +0800
From: hallam@w3.org
Date: Wed, 1 Nov 1995 04:16:56 +0800
To: John Lull <lull@acm.org>
Subject: Re: Keyed-MD5, ITAR, and HTTP-NG
In-Reply-To: <199510311650.IAA09144@ix2.ix.netcom.com>
Message-ID: <9510311855.AA00379@zorch.w3.org>
MIME-Version: 1.0
Content-Type: text/plain
>I would prefer to see MD5 deleted. A 128 bit hash simply seems too
>marginal in length for long term use in most hash applications. I
>would much rather see something like Haval as a second hash algorithm.
>It can be faster than MD5, and can easily be tailored to the hash
>width you want. If 128 bit hashes are really needed, use Haval's
>128-bit option.
MD5 is pretty well entrenched in IETF circles and since RSAREF only
provides Md2, MD4 and MD5 there has to be an option to use at least
one of them. MD5 is the best of that set IMHO.
For Phil Rogaway's comments on keyed MD5 see :-
http://wwwcsif.cs.ucdavis.edu/~rogaway/papers/draft-rogaway-ipsec-comments-00.tx
t
Unfortch much of the information he gave in his talk appears not to be there.
C'est la vie as they say in Canada.
Also the cryptobytes article Miclael found an online for is well worth
a look. http://www.rsa.com/rsalabs/cryptobytes/spring95/md5.htm
I would have quoted it but I didn't know it was avaliable in e-form. The
cryptobytes articles are well worth reading in general.
Also on Phil's page:
http://wwwcsif.cs.ucdavis.edu/~rogaway/papers/list.html
Mihir Bellare, Roch Guerin and Phillip Rogaway
XOR MACs: New methods for message authentication using finite pseudorandom
functions,
Crypto '95.
Phill
Return to October 1995
Return to “Rich Salz <rsalz@osf.org>”