[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re[2]: End of WG Last Call for AH+MD5 and ESP+DES+3DES
Hilarie said:
I think that MD5(key, text, key) may be more secure than the double
hash. My understanding is that Kaliski's suggestion was based on the
idea that MD5(text) might be a useful subfunction. However, I'm
uneasy at the idea of a possible cryptanalysis of MD5(foo,key); not a
question I've seen examined before.
MD5(key,data,key) is one of the few things we had concensus about. Burt
did not say that this was weak, rather he said that the other had more
study behind it.
I think that we should keep MD5(key,data,key) because it an be computed
with one function invocation when implemented in hardware.
MD5(MD5(data),key) will require two function invocations in hardware
implementations.
Russ