- From: Thomas Roessler <tlr@w3.org>
- Date: Sun, 11 Jan 2009 15:09:20 +0100
- To: XMLSec WG Public List <public-xmlsec@w3.org>

Section 6.2 of XML Signature currently states:

> Only one digest algorithm is defined herein. However, it is expected
> that one or more additional strong digest algorithms will be
> developed in connection with the US Advanced Encryption Standard
> effort. Use of MD5 [MD5] is NOT RECOMMENDED because recent advances
> in cryptanalysis have cast doubt on its strength.

I suggest the following instead (also saying a few words about SHA-1):

> This specification defines several digest algorithms, including
> SHA-1. Use of SHA-1 in newly generated signatures is NOT
> RECOMMENDED, because recent advances in cryptanalysis have cast
> doubt on its strength. However, the algorithm remains mandatory to
> implement in this specification, to enable interoperability with
> implementations of previous versions.
> Additionally, use or implementation of MD5 is NOT RECOMMENDED,
> because advances in cryptanalysis over the past 10 years have led to
> a point where known weaknesses in MD5's collision resistance can be
> used for practical attacks against deployments of this algorithm.

Thoughts?

--
Thomas Roessler, W3C <tlr@w3.org>

Received on Sunday, 11 January 2009 14:09:30 UTC