Re: MD5 vs. SHA-1, Selection Criteria



> Date: Fri, 24 May 1996 16:26:53 -0400
> From: Craig Metz <cmetz@inner.net>
> 
> 
> 	I think a strong argument in favor of making both mandatory is simply
> the desire to have at least two options available to the end user.
> 
> [...]  I don't know about you, but I want to have a backup available in
> all cases that I can choose to use. Just in case.


That would be a more convincing argument if you were a little more
consistent about it.  Back when there was just a vague feeling that
the optional SHA was more secure than the mandatory MD5, you were
absolutely *opposed* to making SHA mandatory, "just in case".

Now that specific weaknesses have been demonstrated in MD5, and the working
group has determined that SHA should be mandatory, your security philosophy
has taken a remarkable turnaround.  Is "choice" now a general design
principle, or a special-case, politically-motivated, algorithm-specific
position?


For the record, I've previously stated my belief that MD5 should be
optional; that opinion hasn't changed.