Re: Content-Digest proposal (was Re: Revised Charter)

> Having more generality just complicates things on both ends, because
> support for new digest algorithms won't even appear simultaneously
> on the server and client side.  Not that it's even important.  In
> practice, it's gonna remain MD5 for a real long time, if not forever

People should be aware that many people consider MD5 to be insufficiently 
secure to rely on it for long-term use. If the header is using 
Content-MD5 as an insecure hash, then it's ok (in fact, using a weaker, 
faster HASH such as MD4 may be better). If it's to be used for security 
purposes, then longer hashes are crucial. 

Remember, due to the Birthday Paradox, MD5 is breakable with effort
O(2^64); the NSA recommends a minimum of 80 bits of security. 


Received on Friday, 3 November 1995 14:36:00 UTC
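
The birthday bound cited in the message above, as an added example that is not part of the original post: it truncates MD5 to a few bits so a collision search finishes instantly, and shows the work growing as about 2^(n/2) for an n-bit digest, which gives 2^64 at n = 128. The function names and the sample message prefix are constructed for this illustration.

```python
import hashlib
import math


def truncated_md5(data: bytes, bits: int) -> int:
    """Return the top `bits` bits of MD5(data) as an integer."""
    # usedforsecurity=False (Python 3.9+) keeps this runnable on FIPS builds.
    digest = hashlib.md5(data, usedforsecurity=False).digest()
    return int.from_bytes(digest, "big") >> (128 - bits)


def find_collision(bits: int, prefix: bytes = b"constructed-sample-"):
    """Hash prefix+0, prefix+1, ... until two inputs share a truncated digest.

    Returns (first_message, second_message, hashes_computed).
    """
    seen = {}  # truncated digest -> message that produced it
    counter = 0
    while True:
        msg = prefix + str(counter).encode()
        tag = truncated_md5(msg, bits)
        if tag in seen:
            return seen[tag], msg, counter + 1
        seen[tag] = msg
        counter += 1


def birthday_estimate(bits: int) -> float:
    """Expected hashes before the first collision: sqrt(pi/2 * 2^bits)."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


if __name__ == "__main__":
    for bits in (16, 20, 24):
        a, b, tries = find_collision(bits)
        print(f"{bits:3d}-bit digest: collision after {tries} hashes "
              f"(estimate {birthday_estimate(bits):.0f}, "
              f"digest space {2 ** bits})")
    # Same formula at MD5's full width, the figure quoted in the message.
    print(f"128-bit digest: about 2^{math.log2(birthday_estimate(128)):.1f} hashes")
```

The search stores every digest it has seen, so memory grows with the work; it demonstrates the bound only and says nothing about MD5's internal structure.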