[144655] in cryptography@c2.net mail archive


Re: XML signature HMAC truncation authentication bypass

daemon@ATHENA.MIT.EDU (Bill Stewart)
Wed Jul 29 12:57:57 2009

Date: Tue, 28 Jul 2009 23:23:36 -0700
To: cryptography@metzdowd.com
From: Bill Stewart <bill.stewart@pobox.com>
In-Reply-To: <2735B4A2-15E9-430A-ABCA-AD5195C48CE9@callas.org>

At 05:11 PM 7/27/2009, Jon Callas wrote:
>By the way, do you think it's safe to phase out MD5?
>That will break all the PGP 2 users.

Depends - if you're only replacing it with SHA-1, it's probably not worthwhile.
And if you're breaking things anyway, might as well replace most of the
bit-twiddling variable-length number field types with 32-bit-word-aligned types,
but nobody listened to me rant about that a decade ago :-)


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
