Keyed-MD5, ITAR, and HTTP-NG
hallam at w3.org
hallam at w3.org
Wed Nov 1 17:28:57 PST 1995
Simon,
Do not spec Keyed MD5, it is a complete looser. It is actually weak
against a number of attacks. There are much better constructs for creating
a keyed digest. There are much better ways of creating a digest than using
a hash fuinction as the base.
There is some work by Phil Rogaway on making keyed digest functions
which I strongly recommend people look at. I can post a paper on the subject if
people are interested.
Phill
More information about the Testlist
mailing list