[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Changes in AP draft
William Allen Simpson says:
> There is an error in your Appendix on keyed-MD5. The secret should be
> both before and after the protected data.
> Otherwise, "inverse MD5" could unroll the data hash, and learn the hash
> of the secret, allowing spoofing of the authentication.
If you know how to "inverse MD5" - mind sharing it with us?
> In response to Ran's list comment that MD5 is too slow, why not use MD4?
> Any speed tests there? Is it enough faster?
MD5 was brought forth, because the gurus thought MD4 is not secure
enough (even though it wasn't broken).
--
Regards,
Uri uri@watson.ibm.com acheron!angmar!uri N2RIU
-----------
<Disclamer>
References: