W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > September to December 1995

Re: Content-Digest proposal (was Re: Revised Charter)

From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Fri, 3 Nov 1995 14:35:14 -0800 (PST)
To: Ari Luotonen <luotonen@netscape.com>
Cc: Laurent Demailly <dl@hplyot.obspm.fr>, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Message-Id: <Pine.SOL.3.91.951103142822.1943F-100000@chivalry>
> 
> Having more generality just complicates things on both ends, because
> support for a new digest algorithms won't even appear simultaneously
> on the server and client side.  Not that it's even important.  In
> practice, it's gonna remain MD5 for a real long time, if not forever

People should be aware that many people consider MD5 to be insufficiently 
secure to rely on it for long term use. If the header is using 
Content-MD5 as an insercure hash, then it's ok (in fact, using a weaker, 
faster HASH such as MD4 may be better). If it's to be used for security 
purposes, then longer hashes are crucial. 

Remember, due to the Birthday Paradox, MD5 is breakable with effort
O(2^64); the NSA recommends a minimum of 80 bits of security. 

Simon
Received on Friday, 3 November 1995 14:36:00 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:31:34 EDT