Cryptographically Strong Software Distribution HOWTO
Bram Cohen
bram at gawth.com
Mon Jul 2 18:09:23 EDT 2001
On Mon, 2 Jul 2001, Jon Callas wrote:
> The answer is that you SHOULD (in IETF terms, see RFC 2119,
> <http://www.ietf.org/rfc/rfc2119.txt> for a definition of MAY, SHOULD,
> MUST, etc.)
That document clarifies nothing, it might as well say the following -
1. MUST This word, or the terms "REQUIRED" or "SHALL", mean that
anyone violating the definition is a BAD PERSON.
3. SHOULD This word, or the adjective "RECOMMENDED", mean that anyone
violating the definition might or might not be a BAD PERSON.
> On the other hand, in the intervening five years, we haven't seen a break
> in MD5 appear. So maybe it's not as bad as we thought. Nonetheless, if you
> have a choice and you don't know what to do, pick SHA1. At the very least,
> no one will send you an email that starts, "Why did you use MD5? Don't you
> know that Hans Dobbertin...."
Most applications which move around files identify them by sha1 hash, so
if you use sha1 you might be able to use interoperability at some
point. With md5 that isn't a possibility.
-Bram Cohen
"Markets can remain irrational longer than you can remain solvent"
-- John Maynard Keynes
---------------------------------------------------------------------
The Cryptography Mailing List