[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re[2]: End of WG Last Call for AH+MD5 and ESP+DES+3DES

Hilarie said:
     I think that MD5(key, text, key) may be more secure than the double 
     hash. My understanding is that Kaliski's suggestion was based on the 
     idea that MD5(text) might be a useful subfunction.  However, I'm 
     uneasy at the idea of a possible cryptanalysis of MD5(foo,key); not a 
     question I've seen examined before.
MD5(key,data,key) is one of the few things we had concensus about.  Burt 
did not say that this was weak, rather he said that the other had more 
study behind it.

I think that we should keep MD5(key,data,key) because it an be computed 
with one function invocation when implemented in hardware.  
MD5(MD5(data),key) will require two function invocations in hardware