- From: <tgindin@us.ibm.com>
- Date: Tue, 23 Nov 1999 19:16:35 -0500
- To: "DSig Group" <w3c-ietf-xmldsig@w3.org>
First, a minor editorial correction - the RFC number for MD5 is 1321. Second, there is a class of hash "algorithms" known as composite hash algorithms. These algorithms are formed by taking the outputs of 2 or more separate, well-known hash algorithms and concatenating them. They obviously are stronger than any of their individual elements, and are quite simple to implement. The ones of principal current interest are SHA1FollowedByMD5 and SHA1FollowedByRIPEMD192. I would suggest that the current deprecation of MD5 be qualified as "NOT RECOMMENDED except as a component of a composite hash algorithm because ..." to avoid deprecating SHA1FollowedByMD5, which is somewhat stronger than SHA-1. Tom Gindin
Received on Tuesday, 23 November 1999 19:16:36 UTC