From: John Lull <lull@acm.org>
To: hallam@w3.org
Message Hash: 8f599862c8d9e7f4e5e47db5c30156ac2e241477d94667f14d444646bcff2f36
Message ID: <199510312230.OAA15622@ix4.ix.netcom.com>
Reply To: <9510311855.AA00379@zorch.w3.org>
UTC Datetime: 1995-10-31 23:13:35 UTC
Raw Date: Wed, 1 Nov 1995 07:13:35 +0800
From: John Lull <lull@acm.org>
Date: Wed, 1 Nov 1995 07:13:35 +0800
To: hallam@w3.org
Subject: Re: Keyed-MD5, ITAR, and HTTP-NG
In-Reply-To: <9510311855.AA00379@zorch.w3.org>
Message-ID: <199510312230.OAA15622@ix4.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain
On Tue, 31 Oct 1995 13:55:34 -0500, you wrote:
> MD5 is pretty well entrenched in IETF circles
Agreed, but that doesn't make it appropriate here.
> and since RSAREF only
> provides Md2, MD4 and MD5 there has to be an option to use at least
> one of them.
Why? Is there some REAL requirement that HTTP-NG be implementable
using only RSAREF for crypto?
> MD5 is the best of that set IMHO.
No argument -- but it's still too short for most hash applications.
I'd much rather see hashes that everyone agrees are more than long
enough for the forseeable future -- and I don't think you'll find
that consensus for MD5.
Of course, whether a particular hash is as secure as it can be for a
given length is a separate question.
<references snipped>
Thanks for the pointers.
Return to October 1995
Return to “Rich Salz <rsalz@osf.org>”