>> Hans Dobbertin found some weaknesses in MD5 in 1996. > Also note that RFC 2104 on the HMAC construction used in IPSEC > explicitly cites Dobbertin and says the attack does not apply: this is because dobbertin's attack works only against message-digest applications of md5; his attack doesn't work against md5 MACs, ie, when md5 is used to hash a symmetric key with the plaintext. but, i generally tell clients to use sha-1 even for MACs, just to avoid confusing their customers. - don davis, boston - --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
- Crypographically Strong Software Distribution HOWTO V. Alex Brennen
- Re: Crypographically Strong Software Distribut... Bill Frantz
- Re: Crypographically Strong Software Distribut... Rich Salz
- Re: Crypographically Strong Software Distr... V. Alex Brennen
- Re: Crypographically Strong Software Distribut... Kent Crispin
- Re: Crypographically Strong Software Distribut... Jon Callas
- Re: Crypographically Strong Software Distribut... Bram Cohen
- Re: Crypographically Strong Software Distr... Donald E. Eastlake 3rd
- Re: Crypographically Strong Software Distribut... Sandy Harris
- Re: Crypographically Strong Software Distribut... Ben Laurie
- Re: Crypographically Strong Software Distribut... Rich Salz
- Re: Crypographically Strong Software Distribut... V. Alex Brennen
- Re: Crypographically Strong Software Distribut... Ben Laurie
- Re: Crypographically Strong Software Distribut... Ben Laurie
- Re: Crypographically Strong Software Distr... V. Alex Brennen
- Re: Crypographically Strong Software Distribut... Greg Broiles
- Re: Crypographically Strong Software Distr... V. Alex Brennen
- Re: Crypographically Strong Software Distribut... Rich Salz