Re: which is our DIGEST-MD5 successor?
Simon Josefsson wrote:
>> Thanks, that uses HMAC-SHA-256 => nothing for me.
> Could you elaborate why?
The short version: my MD5 test suite is about MD5
(all MD5 examples in RFCs I'm aware of):
<http://omniplex.blogspot.com/2008/03/md5-16-pop3-and-uuid.html>
A somewhat longer version: I don't trust SHA-*, I
think that folks wanting SHA-* claiming that it is
"better" often miss more than one point, I don't
have the 30..100K USD for a certificate (see SAAG
thread), and I don't like the SHA-* patent.
That's as far as "for fun" is concerned, I'd have
no problem with implementing SHA-* professionally,
or using a certified library. But I'd still ask
in what sense SHA-256 is "better" apart from the
obvious "twice as nothing happens" for 256=2*128.
Also a point in SCRAM (I didn't check if it is
still there): does MD5( ... MD5( x ) ... ) make
sense, apart from burning time? Why not simply
use MD5( counter || x ) instead of MD5^n( x )?
One nice property of MD5: I have vague ideas about
its limitations, e.g., nobody ever said that it is
suited to produce pseudo-random numbers.
Frank
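Added example (not part of the thread, and not code from any of its participants): the two constructions Frank asks about, side by side. SCRAM's iterated function is Hi() from RFC 5802 section 2.2 (U1 = HMAC(str, salt || INT(1)), U_k = HMAC(str, U_(k-1)), Hi = U1 XOR ... XOR Ui), which is PBKDF2 with a single output block, so the hand-written version can be checked against hashlib.pbkdf2_hmac. Beside it are MD5^n(x) and the single MD5( counter || x ) from the message. The password, salt and iteration count below are constructed test inputs, not vectors from the RFC.

```python
import hashlib
import hmac


def hi(password: bytes, salt: bytes, iterations: int, hash_name: str = "sha1") -> bytes:
    """SCRAM Hi(str, salt, i) as specified in RFC 5802 section 2.2.

    U1  = HMAC(str, salt || INT(1))      INT(1) is a 4-byte big-endian 1
    Uk  = HMAC(str, U(k-1))
    Hi  = U1 XOR U2 XOR ... XOR Ui
    Every iteration is a full HMAC computation that depends on the previous
    one, so the cost grows linearly with i and cannot be parallelised.
    """
    if iterations < 1:
        raise ValueError("iteration count must be at least 1")
    u = hmac.new(password, salt + (1).to_bytes(4, "big"), hash_name).digest()
    result = bytearray(u)
    for _ in range(iterations - 1):
        u = hmac.new(password, u, hash_name).digest()
        for idx, byte in enumerate(u):
            result[idx] ^= byte
    return bytes(result)


def iterated_md5(x: bytes, n: int) -> bytes:
    """MD5^n(x): MD5 applied n times, each call chained on the previous digest."""
    for _ in range(n):
        x = hashlib.md5(x).digest()
    return x


def counter_md5(x: bytes, counter: int) -> bytes:
    """The alternative raised in the message: one MD5 over counter || x.

    This costs a single compression pass over the input regardless of the
    counter value; the counter changes the output but adds no work.
    """
    return hashlib.md5(counter.to_bytes(4, "big") + x).digest()


def hash_calls(iterations: int) -> tuple[int, int]:
    """Number of hash-function invocations for Hi()/MD5^n (first) versus
    MD5(counter || x) (second) at a given iteration count."""
    return iterations, 1


if __name__ == "__main__":
    # Constructed inputs for illustration only (not RFC 5802 test vectors).
    password = b"correct horse battery staple"
    salt = bytes.fromhex("00112233445566778899aabbccddeeff")
    i = 4096
    assert hi(password, salt, i) == hashlib.pbkdf2_hmac("sha1", password, salt, i, 20)
    print("Hi() matches PBKDF2-HMAC-SHA-1 with one output block")
    print("hash calls (iterated, counter):", hash_calls(i))
```

The comparison the code makes visible: MD5^n(x) and Hi() spend n dependent hash computations per guess, which is the whole purpose of the construction (a work factor against offline guessing of the salted password), whereas MD5( counter || x ) is one hash for any counter value. The `hash_calls` helper only reports that count; the equivalence assertion shows Hi() is plain PBKDF2 with dkLen equal to the hash length.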