On Mon, Dec 21, 2009 at 5:07 PM, Deepak Nagaraj <[email protected]> wrote: >> AFAIK that really doesn't apply. It's not an int, it's a 16-byte >> 'array' that shouldn't be reordered. >> > You're right about MD5. I checked the MD5-algorithm RFC (1321). It > specifies that the digest is generated in little-endian order. > > """ > The message digest produced as output is A, B, C, D. That is, we begin > with the low-order byte of A, and end with the high-order byte of D. > """ > > So as long as the generator and verifier both follow the MD5 algorithm > as per its RFC, we should be OK. > > But on the other hand, HTTP "Content-MD5" header RFC (1864) explicitly > mentions network byte ordering as I originally quoted. Being a > standards-compliant HTTP server, IMO, we should be doing whatever the > RFC says, even if it's a nuance.
What RFC? The MD5 one? Or the HTTP MD5 one (1864)? Olaf
