I agree that removal of MD5 might be bad (maybe deprecate the use of MD5 in the components), but we should default our use of it to something else or have a means to plug in alternatives. I don't think it would be good for the "security" project to support MD5 when other (better) alternatives exist
> -Original Message-
> From: Milan Tomic [mailto:[EMAIL PROTECTED]
> Sent: Thursday, October 27, 2005 10:43 AM
> To: [email protected]
> Subject: RE: MD5 algorithm in XSEC
> Are you aware of recent collision findings for MD5 algorithm?
>
>
> I think that MD5 algorithm suppor
Title: Nachricht
Hello Werner,
Are you aware of recent collision findings
for MD5 algorithm?
For example:
1. Two certificates with the same MD5 digest
(both certificates differs in only few (5 or 6) bytes of the public key):
http://www.win.tue.nl/~bdeweger/CollidingCertifica
