1995-10-31 - Re: Keyed-MD5, ITAR, and HTTP-NG

Header Data

From: “Perry E. Metzger” <perry@piermont.com>
To: hallam@w3.org
Message Hash: 19cc5c074c91d20b672fa4e2f14c1211c35e7fa016f4d52ebfa2a13c55c810fc
Message ID: <199510312331.SAA03949@jekyll.piermont.com>
Reply To: <9510302351.AA28243@zorch.w3.org>
UTC Datetime: 1995-10-31 20:42:06 UTC
Raw Date: Wed, 1 Nov 1995 04:42:06 +0800

Raw message

From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 1 Nov 1995 04:42:06 +0800
To: hallam@w3.org
Subject: Re: Keyed-MD5, ITAR, and HTTP-NG
In-Reply-To: <9510302351.AA28243@zorch.w3.org>
Message-ID: <199510312331.SAA03949@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



hallam@w3.org writes:
> 	Do not spec Keyed MD5, it is a complete looser. It is actually weak
> against a number of attacks. There are much better constructs for creating
> a keyed digest. There are much better ways of creating a digest than using
> a hash fuinction as the base.

What??? 

A keyed version of MD5 is the base authentication mechanism in IPSP
and it has been heavily examined by a number of very good
cryptographers.

Perry





Thread