XML signature HMAC truncation authentication bypass

Bill Stewart bill.stewart at pobox.com
Wed Jul 29 02:23:36 EDT 2009

At 05:11 PM 7/27/2009, Jon Callas wrote:
>By the way, do you think it's safe to phase out MD5?
>That will break all the PGP 2 users.

Depends - if you're only replacing it with SHA-1, it's probably not
And if you're breaking things anyway, might as well replace most of the
bit-twiddling variable-length number field types with 32-bit-word-aligned
but nobody listened to me rant about that a decade ago :-)

