From owner-freebsd-arch Thu Mar 15 12: 3:57 2001 Delivered-To: freebsd-arch@freebsd.org Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by hub.freebsd.org (Postfix) with ESMTP id 006A237B719 for ; Thu, 15 Mar 2001 12:03:54 -0800 (PST) (envelope-from wollman@khavrinen.lcs.mit.edu) Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.9.3/8.9.3) id PAA48601; Thu, 15 Mar 2001 15:03:16 -0500 (EST) (envelope-from wollman) Date: Thu, 15 Mar 2001 15:03:16 -0500 (EST) From: Garrett Wollman Message-Id: <200103152003.PAA48601@khavrinen.lcs.mit.edu> To: jonathan@graehl.org Subject: Re: ftpd SITE MD5 and "really bad links" In-Reply-To: References: <200103151919.MAA18623@usr05.primenet.com> Organization: MIT Laboratory for Computer Science Cc: arch@freebsd.org Sender: owner-freebsd-arch@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG In article you write: >MD5 is also held to have some cryptographic weaknesses (compared to, >say, SHA-1 or Tiger); is the feeling that it is more than sufficient >against any conceivable systematic/accidental source of error not >specifically designed to exploit what weaknesses MD5 has? If such a command were being officially standardized, it would probably be called "DIGEST [offset [length]]" to allow for other types of message-digest algorithms, with a command to show the available digest types. (Apparently many European concerns will object to any message digest-using protocol that doesn't allow for RIPEMD160, regardless of whether it's actually security-sensitive.) I'd be happy to write this up as an RFC and take it through the process, if someone wants to implement it. (Obviously, the initial implementation should be "SITE DIGEST" and then we can change it if the unqualified version makes it through the Internet Standards Process.) -GAWollman -- Garrett A. Wollman | O Siem / We are all family / O Siem / We're all the same wollman@lcs.mit.edu | O Siem / The fires of freedom Opinions not those of| Dance in the burning flame MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message