[21] in WWW Security List Archive
No commercial restrictions on MD5
daemon@ATHENA.MIT.EDU (Allan M Schiffman)
Mon Aug 15 19:54:38 1994
Date: Mon, 15 Aug 94 13:26:51 PDT
From: ams@eit.COM (Allan M Schiffman)
To: hallam@dxal18.cern.ch
Cc: www-security@ns1.rutgers.edu
Phill writes:
> Personaly I'd like to base everything on MD5 but that has
> commercial restrictivities :-(
I'm quite certain that there are *no* restrictions on the use of MD5.
RFC1321 is titled "The MD5 Message-Digest Algorithm", authored by Ron
Rivest of MIT (the "R" in "RSA"). It describes the algorithm and
supplies reference source code. The RFC puts the algorithm in the
public domain in the third paragraph of section 1:
"The MD5 algorithm is being placed in the public domain
for review and possible adoption as a standard."
The source code included in the RFC is copyrighted, but permits creation
and use of derivative works:
"/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
rights reserved.
License to copy and use this software is granted provided that it
is identified as the "RSA Data Security, Inc. MD5 Message-Digest
Algorithm" in all material mentioning or referencing this software
or this function.
License is also granted to make and use derivative works provided
that such works are identified as "derived from the RSA Data
Security, Inc. MD5 Message-Digest Algorithm" in all material
mentioning or referencing the derived work.
RSA Data Security, Inc. makes no representations concerning either
the merchantability of this software or the suitability of this
software for any particular purpose. It is provided "as is"
without express or implied warranty of any kind.
These notices must be retained in any copies of any part of this
documentation and/or software.
*/"
Note that even these notices the statement refers to are only necessary
if you make use of the copyrighted software printed in the RFC. If you
do your own implementation you don't have to even give credit to RSA.
So, go ahead and use MD5! As long as you think its secure enough, that is. :-)
-Allan
