- From: <tgindin@us.ibm.com>
- Date: Tue, 23 Nov 1999 19:16:35 -0500
- To: "DSig Group" <w3c-ietf-xmldsig@w3.org>
First, a minor editorial correction - the RFC number for MD5 is 1321.
Second, there is a class of hash "algorithms" known as composite hash
algorithms. These algorithms are formed by taking the outputs of 2 or more
separate, well-known hash algorithms and concatenating them. They
obviously are stronger than any of their individual elements, and are quite
simple to implement. The ones of principal current interest are
SHA1FollowedByMD5 and SHA1FollowedByRIPEMD192. I would suggest that the
current deprecation of MD5 be qualified as "NOT RECOMMENDED except as a
component of a composite hash algorithm because ..." to avoid deprecating
SHA1FollowedByMD5, which is somewhat stronger than SHA-1.
Tom Gindin
Received on Tuesday, 23 November 1999 19:16:36 UTC