Keyed-MD5, ITAR, and HTTP-NG

Perry E. Metzger perry at piermont.com
Tue Oct 31 12:42:06 PST 1995



hallam at w3.org writes:
> 	Do not spec Keyed MD5, it is a complete looser. It is actually weak
> against a number of attacks. There are much better constructs for creating
> a keyed digest. There are much better ways of creating a digest than using
> a hash fuinction as the base.

What??? 

A keyed version of MD5 is the base authentication mechanism in IPSP
and it has been heavily examined by a number of very good
cryptographers.

Perry






More information about the cypherpunks-legacy mailing list