- From: Simon Spero <ses@tipper.oit.unc.edu>
- Date: Fri, 3 Nov 1995 14:35:14 -0800 (PST)
- To: Ari Luotonen <luotonen@netscape.com>
- Cc: Laurent Demailly <dl@hplyot.obspm.fr>, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
> Having more generality just complicates things on both ends, because
> support for new digest algorithms won't even appear simultaneously
> on the server and client side. Not that it's even important. In
> practice, it's gonna remain MD5 for a real long time, if not forever

People should be aware that many people consider MD5 to be insufficiently
secure to rely on it for long-term use. If the header is using Content-MD5 as
an insecure hash, then it's ok (in fact, using a weaker, faster HASH such as
MD4 may be better). If it's to be used for security purposes, then longer
hashes are crucial. Remember, due to the Birthday Paradox, MD5 is breakable
with effort O(2^64); the NSA recommends a minimum of 80 bits of security.

Simon

Received on Friday, 3 November 1995 14:36:00 UTC
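
The birthday bound cited in the message above, as an added example that is not part of the original post: MD5 is truncated to a small number of bits so that a generic collision search finishes in seconds, and the measured work is compared with the sqrt(pi/2 * 2^n) estimate that gives roughly 2^64 for a full 128-bit digest. The function names and the `msg-` test messages are constructed for illustration.

```python
import hashlib
import math


def truncated_md5(data: bytes, bits: int) -> int:
    """Return the leading `bits` bits of MD5(data) as an integer."""
    digest = int.from_bytes(hashlib.md5(data).digest(), "big")
    return digest >> (128 - bits)


def find_collision(bits: int, prefix: bytes = b"msg-"):
    """Hash sequential constructed messages until two share a truncated digest.

    Returns (first_message, second_message, hashes_computed).
    Memory grows with the number of hashes, so keep `bits` small (<= 40).
    """
    seen = {}
    counter = 0
    while True:
        msg = prefix + str(counter).encode()
        tag = truncated_md5(msg, bits)
        if tag in seen:
            return seen[tag], msg, counter + 1
        seen[tag] = msg
        counter += 1


def birthday_estimate(bits: int) -> float:
    """Expected hashes before a collision on an ideal `bits`-bit digest."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


if __name__ == "__main__":
    for bits in (16, 24, 32):
        a, b, work = find_collision(bits)
        print(f"{bits:3d}-bit digest: collision after {work} hashes "
              f"(estimate {birthday_estimate(bits):.0f}, "
              f"output space {2 ** bits}): {a!r} vs {b!r}")
    # The same estimate for the full digest: about 2^64 work, not 2^128.
    print(f"128-bit digest: estimate 2^{math.log2(birthday_estimate(128)):.1f}")
```

The search is generic: it uses no weakness of MD5 itself, so the same scaling applies to any hash of the same output length, which is why the digest size sets the ceiling on collision resistance.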