[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: MD5 versus SHA -Reply

> From Ed_Reed@Novell.COM Wed Mar 29 08:45:07 1995

> I second Frank's remarks.
> 3) don't let the proposal go forward without some required, common, even if sub-optimal
> required algorithms (two, really - a null facility meaning we're not doing security on this
> session, and one of the algorithms under discussion. 
> 4) for the default algorithm, select on the basis of strength rather than speed.  Other
> algorithms will provide speed.  We're sunk if the mandated algorithm lacks "adequate"
> strength for some measure of adequacy which may be obsoleted at sometime in the future.
> All of this is, of course, modulo import/export and trans-boarder data flow issues.

Any chance of defining MD5-2?

One MAJOR flaw in MD5 is using little-endian (anti-"network standard" byte order).

This means that big-endians incur a byte-reordering cost they don't usually incur.
Little-endians already incur this cost, so it isn't an extra burden on them.

(assuming you're interested in what changes are useful,
 choosing an algorithm with little-endian order on
 a network-entity seems to be correctable...)