[1368] in WWW Security List Archive
Re: Digest Authentication
daemon@ATHENA.MIT.EDU (Dan Stromberg - OAC-DCS)
Mon Jan 1 17:12:59 1996
To: smb@research.att.com
Cc: http-wg@cuckoo.hpl.hp.com, www-security@ns2.rutgers.edu
In-Reply-To: Your message of "Sun, 31 Dec 1995 19:07:05 EST."
<199601010007.TAA09825@ns2.rutgers.edu>
Date: Mon, 01 Jan 1996 08:58:02 -0800
From: Dan Stromberg - OAC-DCS <strombrg@hydra.acs.uci.edu>
Errors-To: owner-www-security@ns2.rutgers.edu
I realized after sending my message, that I was thinking of "chalace",
and not snefru. I hadn't known snefru wasn't as strong as MD5 -
interesting.
Snuffle turned out to be an encryption system built overtop of snefru.
Thank you for pointing this out.
In message <199601010007.TAA09825@ns2.rutgers.edu>you write:
> "Snefru" is widely available, tho probably not widely used, and uses
> MD5 for authentication. The US goverment does not appear to have gone
> after the author. I wrote a system using MD5 for auth, inspired by
> snefru, but I have no intention of allowing it off campus, at this
> point. :(
>
>Snefru does not use MD5. It's an alternative to it, and not as strong.
>
Dan Stromberg - OAC/DCS strombrg@uci.edu
