[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: MD5 considered insecure?
Ran Atkinson says:
> In my own personal mind, it raises the question of how we should proceed
> on the AH transforms. Possible options for the WG to consider include
> at least these:
> - Make both HMAC MD5 and HMAC SHA-1 mandatory-to-implement
> - Make HMAC MD5 optional-to-implement and HMAC SHA-1 mandatory-to-implement
The second one makes much more sense. Why would we be mandating
something that we know isn't likely to stay "good" for long?
> One question I have is whether it would be sensible to substitute HMAC SHA-1
> for HMAC MD5 in the ESP "DES-CBC HMAC MD5 Replay" transform. What do folks
> think is best ?
This substitution seems the most logical choice.
--
Regards,
Uri uri@watson.ibm.com
-=-=-=-=-=-=-
<Disclaimer>
References: