ACTION-136: Propose stronger text on MD5 for 6.2

From: Thomas Roessler <tlr@w3.org>
Date: Sun, 11 Jan 2009 15:09:20 +0100
Message-Id: <7FC42531-B8BB-4D72-8C3F-A7E29CCD6505@w3.org>
To: XMLSec WG Public List <public-xmlsec@w3.org>

Section 6.2 of XML Signature currently states:

> Only one digest algorithm is defined herein. However, it is expected
> that one or more additional strong digest algorithms will be
> developed in connection with the US Advanced Encryption Standard
> effort. Use of MD5 [MD5] is NOT RECOMMENDED because recent advances
> in cryptanalysis have cast doubt on its strength.

I suggest the following instead (also saying a few words about SHA-1):

> This specification defines several digest algorithms, including
> SHA-1. Use of SHA-1 in newly generated signatures is NOT
> RECOMMENDED, because recent advances in cryptanalysis have cast
> doubt on its strength. However, the algorithm remains mandatory to
> implement in this specification, to enable interoperability with
> implementations of previous versions.
>
> Additionally, use or implementation of MD5 is NOT RECOMMENDED,
> because advances in cryptanalysis over the past 10 years have led to
> a point where known weaknesses in MD5's collision resistance can be
> used for practical attacks against deployments of this algorithm.

Thoughts?
--
Thomas Roessler, W3C  <tlr@w3.org>
Received on Sunday, 11 January 2009 14:09:30 GMT
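As an added example (not part of Thomas's message or of the XML Signature specification), here is a small Python check that applies the proposed 6.2 policy to the algorithm URIs found in a signature's SignedInfo: MD5 is rejected, SHA-1 is accepted with a warning (it stays mandatory to implement), unknown URIs fail closed. The URIs are those from the XML Signature namespace and RFC 4051; the sample signature is constructed and its digest and signature values are placeholders.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
MORE = "http://www.w3.org/2001/04/xmldsig-more#"

# Policy taken from the proposed 6.2 wording: MD5 must be neither used nor
# implemented; SHA-1 remains mandatory to implement but is not recommended
# for new signatures; the SHA-256 URIs below are assumed as the accepted set.
REJECT = {MORE + "md5", MORE + "rsa-md5"}
WARN = {DS + "sha1", DS + "rsa-sha1", DS + "dsa-sha1", DS + "hmac-sha1"}
ACCEPT = {"http://www.w3.org/2001/04/xmlenc#sha256", MORE + "rsa-sha256"}
RANK = {"accept": 0, "warn": 1, "reject": 2}


def classify_signature(xml_text):
    """Return (verdict, findings) where verdict is the worst level seen
    across every DigestMethod and SignatureMethod in the signature and
    findings lists (element, algorithm URI, level) for each one."""
    root = ET.fromstring(xml_text)
    findings, worst = [], "accept"
    for tag in ("DigestMethod", "SignatureMethod"):
        for el in root.iter("{%s}%s" % (DS, tag)):
            uri = el.get("Algorithm", "")
            if uri in REJECT:
                level = "reject"
            elif uri in WARN:
                level = "warn"
            elif uri in ACCEPT:
                level = "accept"
            else:
                level = "reject"  # unknown or unlisted algorithm: fail closed
            findings.append((tag, uri, level))
            if RANK[level] > RANK[worst]:
                worst = level
    return worst, findings


# Constructed sample: an RSA-SHA1 signature over an MD5 reference digest.
SAMPLE = """<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
 <SignedInfo>
  <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
  <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  <Reference URI="#doc">
   <DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#md5"/>
   <DigestValue>PLACEHOLDER</DigestValue>
  </Reference>
 </SignedInfo>
 <SignatureValue>PLACEHOLDER</SignatureValue>
</Signature>"""

if __name__ == "__main__":
    verdict, found = classify_signature(SAMPLE)
    for element, uri, level in found:
        print("%-15s %-7s %s" % (element, level, uri))
    print("verdict:", verdict)
```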