On Tue, 31 Oct 1995 13:55:34 -0500, you wrote:
MD5 is pretty well entrenched in IETF circles
Agreed, but that doesn't make it appropriate here.
and since RSAREF only provides Md2, MD4 and MD5 there has to be an option to use at least one of them.
Why? Is there some REAL requirement that HTTP-NG be implementable using only RSAREF for crypto?
MD5 is the best of that set IMHO.
No argument -- but it's still too short for most hash applications. I'd much rather see hashes that everyone agrees are more than long enough for the forseeable future -- and I don't think you'll find that consensus for MD5. Of course, whether a particular hash is as secure as it can be for a given length is a separate question. <references snipped> Thanks for the pointers.