[24] in WWW Security List Archive


Re: No commercial restrictions on MD5

daemon@ATHENA.MIT.EDU (hallam@dxal18.cern.ch)
Tue Aug 16 08:06:28 1994

From: hallam@dxal18.cern.ch
To: ams@eit.com (Allan M Schiffman), www-security@ns1.rutgers.edu
Cc: hallam@dxal18.cern.ch
In-Reply-To: Your message of "Mon, 15 Aug 94 13:26:51 PDT." <9408152026.AA09228@eitech.eit.com>
Date: Tue, 16 Aug 94 11:54:33 +0200


Alan Writeth:
>I'm quite certain that there are *no* restrictions on the use of MD5.
>RFC1321 is titled "The MD5 Message-Digest Algorithm", authored by Ron
>Rivest of MIT (the "R" in "RSA"). 

I thought as much, so I just need to rewrite the code segment. Should not be
too hard.

>So, go ahead and use MD5! As long as you think its secure enough, that is. :-)

Well, if MD5 isn't secure then PEM and such fall apart anyway, since the RSA
signatures are in general of an MD5 digest. The problem is that any symmetric
scheme will always have key exchange problems until 97 when Diffie-Hellman
goes out of patent - at least wrt a completely PD system.

Of course users should always be able to add extra security in. But if we can
provide a reasonably secure base product I think we should. The main thing is
that it should not be a potential hole for other systems, which is the case with
the BASIC method - particularly if the system password file is used! :-(


The big problem for security is not in E-Commerce, where a delay of a few
seconds per transaction is acceptable for the user (just how fast do you
need to be able to spend money?). It's where you have an information system
distributed across a company or campus. Connections must be fast; a delay
of a few seconds for every transaction simply cannot be tolerated. Here I
would like to be able to use the Web to support a backbone asymmetric key
security system and then hang fast symmetric key systems off it.


Phill H-B
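The two-tier design sketched in the message above, as an added example that is not part of the original post or of any system discussed in it: one slow asymmetric exchange (Diffie-Hellman key agreement) establishes a session secret, after which every request is protected by a fast symmetric MAC. The safe-prime generator, the 96-bit default group size, the counter-based framing and the `DHParty`/`protect`/`verify` names are all assumptions made here for a self-contained demo; a real deployment would use a standard group of at least 2048 bits and an authenticated exchange rather than anonymous DH.

```python
"""Hybrid key establishment: one Diffie-Hellman agreement per session (slow,
asymmetric), then HMAC on every message (fast, symmetric)."""
import hashlib
import hmac
import secrets


def is_probable_prime(n, rounds=16):
    """Miller-Rabin primality test after cheap trial division."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # witness found: n is composite
    return True


def generate_safe_prime(bits):
    """Return p = 2q + 1 with both p and q prime (demo sizes only; assumed helper)."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1


class DHParty:
    """One side of the asymmetric backbone exchange (hypothetical class name)."""

    def __init__(self, p, g=2):
        self.p, self.g = p, g
        self.priv = secrets.randbelow(p - 2) + 1
        self.pub = pow(g, self.priv, p)

    def shared_key(self, peer_pub):
        # Reject degenerate public values that would collapse the shared secret.
        if peer_pub <= 1 or peer_pub >= self.p - 1:
            raise ValueError("invalid peer public value")
        secret = pow(peer_pub, self.priv, self.p)
        nbytes = (self.p.bit_length() + 7) // 8
        # Derive a fixed-size symmetric key from the raw DH secret.
        return hashlib.sha256(secret.to_bytes(nbytes, "big")).digest()


def protect(key, counter, payload):
    """Symmetric layer: frame = counter || payload || HMAC-SHA256(counter || payload)."""
    header = counter.to_bytes(8, "big")
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


def verify(key, expected_counter, frame):
    """Return the payload if the tag and counter check out, else None."""
    if len(frame) < 8 + 32:
        return None
    header, payload, tag = frame[:8], frame[8:-32], frame[-32:]
    if int.from_bytes(header, "big") != expected_counter:
        return None  # replayed or out-of-order frame
    expected = hmac.new(key, header + payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # tampered frame
    return payload


def run_session(bits=96):
    """Establish one session asymmetrically, then exchange a protected request."""
    p = generate_safe_prime(bits)
    client, server = DHParty(p), DHParty(p)
    k_client = client.shared_key(server.pub)
    k_server = server.shared_key(client.pub)
    frame = protect(k_client, 1, b"GET /index.html")       # constructed request
    accepted = verify(k_server, 1, frame)
    replayed = verify(k_server, 2, frame)                   # same frame, later slot
    tampered = bytearray(frame)
    tampered[8] ^= 0x01                                      # flip one payload bit
    forged = verify(k_server, 1, bytes(tampered))
    return {
        "keys_match": k_client == k_server,
        "payload": accepted,
        "replay_rejected": replayed is None,
        "tamper_rejected": forged is None,
    }


if __name__ == "__main__":
    print(run_session())
```

The expensive modular exponentiations happen only in `DHParty`, once per session; each subsequent request costs one HMAC, which is the "fast symmetric key system hung off" the asymmetric backbone. The counter in the frame header is what makes a captured request unusable a second time.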
