XML signature HMAC truncation authentication bypass
Bill Stewart
bill.stewart at pobox.com
Wed Jul 29 02:23:36 EDT 2009
At 05:11 PM 7/27/2009, Jon Callas wrote:
>By the way, do you think it's safe to phase out MD5?
>That will break all the PGP 2 users.
Depends - if you're only replacing it with SHA-1, it's probably not
worthwhile.
And if you're breaking things anyway, might as well replace most of the
bit-twiddling variable-length number field types with 32-bit-word-aligned
types, but nobody listened to me rant about that a decade ago :-)
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com