- From: Alan Freier <freier@netscape.com>
- Date: Wed, 18 Sep 1996 10:22:42 -0700
- To: Jim Whitehead <ejw@ics.uci.edu>
- CC: w3c-dist-auth@w3.org
> We have been operating under the assumption that MD5 authentication would > be sufficient for our needs -- if something better than MD5 comes along, we > would hope we could use it. Again, the draft should state this. As long as you're restating the assumptions, I'll add my bit. MD5 is not likely to survive much longer and therefore should be considered inappropriate. Claims of being close to breaking it are beginning to circulate, including predictions of that event happening yet this year. As for a suitable replacement, SHA (aka, SHA-1) seems to be the likely candidate. There is also a hash out of Europe that seems to have the right attributes (but alas, I can't remember the name). AO -- Alan O. Freier Corporate Cynic <freier@netscape.com> (415) 937-3638 (work)
Received on Wednesday, 18 September 1996 13:23:05 UTC