On 24/10/2008, Lovette, Steve <[EMAIL PROTECTED]> wrote: > HC development community > > As I understand it NIST FIPS 180-2 does not support the use of the MD5 > algorithm for digest functions. In researching government security STIGS > this appears to be a security violation (i.e. vulnerability). However, I > see that it is still in use with the HC 3.1. So I am surprised and > suspecting that I am missing something. I don't see this issue addressed > on the Apache HC Web site or the code fixed. >
In what respect does the use of MD5 make HC vulnerable? > > Any insight would greatly appreciated. I think you may have misunderstood the function of HttpClient. HC is a client library for communicating with web-servers, and as such follows the relevant HTTP RFCs. What motivates your question? > > Thank you, Steve --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
