
Re[2]: End of WG Last Call for AH+MD5 and ESP+DES+3DES




Hilarie said:
     I think that MD5(key, text, key) may be more secure than the double 
     hash. My understanding is that Kaliski's suggestion was based on the 
     idea that MD5(text) might be a useful subfunction.  However, I'm 
     uneasy at the idea of a possible cryptanalysis of MD5(foo,key); not a 
     question I've seen examined before.
     
MD5(key,data,key) is one of the few things we had consensus about.  Burt 
did not say that this was weak, rather he said that the other had more 
study behind it.

I think that we should keep MD5(key,data,key) because it can be computed 
with one function invocation when implemented in hardware.  
MD5(MD5(data),key) will require two function invocations in hardware 
implementations.

Russ
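
The two constructions compared in this message, as an added example that is not part of the original post: it computes both over the same input and reports hash invocations and 64-byte compression calls for each. Assumptions: the arguments are plainly concatenated with no key padding, the function names are hypothetical, and the key and packet chunks are constructed sample values.

```python
import hashlib
import hmac

BLOCK = 64  # MD5 compression-function block size in bytes

# Constructed sample inputs (not from the thread).
KEY = bytes(range(16))
PACKET = [b"constructed ", b"packet ", b"payload"]


def md5_blocks(msg_len):
    """Compression calls MD5 makes for msg_len bytes: the message plus a
    0x80 byte and an 8-byte length field, rounded up to 64-byte blocks."""
    return (msg_len + 1 + 8 + BLOCK - 1) // BLOCK


def envelope_mac(key, chunks):
    """MD5(key, data, key): one context, data streamed through once."""
    h = hashlib.md5()
    h.update(key)
    for c in chunks:
        h.update(c)
    h.update(key)
    return h.digest(), 1  # (tag, hash invocations)


def nested_mac(key, chunks):
    """MD5(MD5(data), key): the inner digest has to be finalized before
    the outer hash can start, so two init/finalize cycles are needed."""
    inner = hashlib.md5()
    for c in chunks:
        inner.update(c)
    outer = hashlib.md5(inner.digest() + key)  # 16-byte digest, then key
    return outer.digest(), 2


def cost(key_len, data_len):
    """Compression calls as (envelope, nested) for the given lengths."""
    envelope = md5_blocks(2 * key_len + data_len)
    nested = md5_blocks(data_len) + md5_blocks(16 + key_len)
    return envelope, nested


def verify(key, chunks, received_tag):
    """Receiver side for the envelope form, with a constant-time compare."""
    tag, _ = envelope_mac(key, chunks)
    return hmac.compare_digest(tag, received_tag)
```

With a 16-byte key, `cost(16, 20)` is one compression call against two, while `cost(16, 1000)` is seventeen for both, so on longer packets the difference is the second init/finalize cycle rather than the amount of data hashed.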