- From: Andy Seaborne <andy.seaborne@epimorphics.com>
- Date: Thu, 29 Sep 2011 17:30:14 +0100
- To: public-rdf-dawg@w3.org
>> Proposal 5:
>> MD5
>> SHA1
>> SHA256
>> SHA512
>> SHA384
>> SHA512
>>
>> (i.e. remove SHA224, but that's the problematic one for the commenter
>> (Jeen) because it's not in the core Java runtime).
>
> You also include SHA512 twice, making the list look longer! :-)

Two independent implementations, just to be sure.

> Also, I was advised against including MD5 -- as the earlier xmldsig
> advises -- because of known security problems with it. I guess the
> theory is that it's important to steer people away from technology that
> looks secure but isn't. (The counter-argument is that some people
> still use it. But maybe should let that be entirely on them.)

Yes - it's not recommended for weak for SSL certificates or digital signatures (hence xmldsig).

MD5 has its place as for error-checking:

http://en.wikipedia.org/wiki/MD5#Applications

Andy

>
> -- Sandro
>
>> http://download.oracle.com/javase/7/docs/api/
>> http://download.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#MessageDigest
>>
>> Do any programming languages have problems with this set?
>>
>> Andy

Received on Thursday, 29 September 2011 16:30:47 UTC