Re: IPsec mandatory authentication algorithms

[Robert Moskowitz <rgm3@chrysler.com>]

At 10:38 AM 10/7/97 -0400, C. Harald Koch wrote:
>
>The cryptographic community appears to have declared MD5 anywhere from
>suspect to compromised, depending on their level of paranoia.

Well, actually, I have old messages from Hugo stating that HMAC addresses
these concerns.  And the workgroup came to the conclusion that HMAC-MD5 and
HMAC-SHA1 were equally secure.  Then once we truncated both to 96 bits,
well is there a difference anymore, other than MD5 is consistantly reported
as faster than SHA1...

>Therefore, I'd recommend making HMAC with SHA-1 *mandatory*, and possibly
>even specify that it should be preferred when negotiating.

Thus many of us feel that MD5 is the mandatory, as the SHA1 does not seem
to bring technical value.

>Whether or not HMAC with MD5 is also mandatory is less important to me... :-)
>
And I feel the same about SHA1...


Robert Moskowitz
Chrysler Corporation
(810) 758-8212

---

Follow-Ups:

• Re: IPsec mandatory authentication algorithms
• From: Bart Preneel <Bart.Preneel@esat.kuleuven.ac.be>

References:

• IPsec mandatory authentication algorithms
• From: Karen Seo <kseo@bbn.com>
• Re: IPsec mandatory authentication algorithms
• From: "C. Harald Koch" <chk@utcc.utoronto.ca>

---

• Prev by Date: Re: IPsec Architecture -- proposed changes
• Next by Date: Re: IPsec Architecture -- proposed changes
• Prev by thread: Re: IPsec mandatory authentication algorithms
• Next by thread: Re: IPsec mandatory authentication algorithms
• Index(es):
  • Main
  • Thread