[7164] in www-talk@info.cern.ch
Re: No More Passwords In The Clear in HTTP!
daemon@ATHENA.MIT.EDU (Phillip M. Hallam-Baker)
Tue Jan 10 10:22:48 1995
Date: Tue, 10 Jan 1995 16:20:59 +0100
Errors-To: listmaster@www0.cern.ch
Reply-To: hallam@dxal18.cern.ch
From: hallam@dxal18.cern.ch (Phillip M. Hallam-Baker)
To: Multiple recipients of list <www-talk@www0.cern.ch>
In article <9D72@cernvm.cern.ch> you write:
|>I don't see how this proposal fixes this problem. It requires MD5 which
|>will require a license from RSA. How does this not fall into your class
|>2 space? As long as I am in that space, I would much prefer a protocol
|>which has been widely adopted by the financial community (e.g. SSL).
Nope, MD5 is a public domain algorithm, RSA put it there. so long as it is
refered to as the RSA blah de blah. Originally the code was non-commercial use
only but i think that is now changed as well - not that it would be a problem.
In any case MD5 is not the best hash to use SHA is better. Main thing to avoid
is MD4 though which is seriously compromised.
--
Phillip M. Hallam-Baker
Not Speaking for anyone else.
