[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: MD5 warning

To: ietf-openpgp@xxxxxxx
Subject: Re: MD5 warning
From: Lutz Donnerhacke <lutz@xxxxxxxxxxx>
Date: Sat, 21 Aug 2004 21:23:13 +0000 (UTC)
List-archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-id: <ietf-openpgp.imc.org>
List-unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
Newsgroups: iks.lists.ietf-open-pgp
Organization: IKS GmbH Jena
References: <>
Sender: owner-ietf-openpgp@xxxxxxxxxxxx
User-agent: slrn/0.9.8.0 (Linux)

* David Shaw wrote:
> That said, the security considerations section of the draft currently
> has some language mildly discouraging the use of MD5 ("The MD5 hash
> algorithm has been found to have weaknesses (pseudo-collisions in the
> compress function) that make some people deprecate its use.  They
> consider the SHA-1 algorithm better.")  Can we make this stronger, and
> deprecate MD5 use for OpenPGP in general?

Not necessary. All known attacks does not impose a direct risk to md5 based
OpenPGP issues.

Follow-Ups:
- Re: MD5 warning
  - From: David Shaw

References:
- MD5 warning
  - From: David Shaw

Prev by Date: MD5 warning
Next by Date: Re: MD5 warning
Previous by thread: MD5 warning
Next by thread: Re: MD5 warning
Index(es):
- Date
- Thread