4.3) When did MD5 get "disavowed"?




This article is from the Secure Sockets Layer Discussion List FAQ, by Shannon Appel SAppel@consensus.com with numerous contributions by others.

It hasn't been truly "disavowed", but weaknesses have been
discovered such that some people believe that an alternative should
be found. These weaknesses were found by Dr. Hans Dobbertin
<dobbertin@skom.rhein.de> of the German Information Security Agency
in a paper called "Cryptanalysis of MD5 Compress" dated May 2, 1996.
A postscript version of the paper is at
<http://www.cs.ucsd.edu/users/bsy/dobbertin.ps>.

SSL uses MD5 in combination with SHA for all negotiation. It also
uses MD5 alone in most negotiated cipher suites. However, in these
cases it is used within the HMAC construction, which strengthens it
to the point that there are no known problems with the construction.
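
The keyed, nested hashing that the HMAC construction refers to, as an added example that is not part of the original FAQ. It follows the RFC 2104 definition rather than SSL's exact record MAC layout, and the key and record bytes are constructed sample values.

```python
import hashlib
import hmac

BLOCK_SIZE = 64  # MD5 consumes its input in 64-byte blocks


def hmac_md5(key: bytes, message: bytes) -> bytes:
    """HMAC-MD5 per RFC 2104: H((K ^ opad) || H((K ^ ipad) || message))."""
    # A key longer than one block is hashed first; a shorter one is zero-padded.
    if len(key) > BLOCK_SIZE:
        key = hashlib.md5(key).digest()
    key = key.ljust(BLOCK_SIZE, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    # The secret key enters both hash passes, so the tag is never a plain
    # MD5 digest of data that an outsider could compute or choose freely.
    inner = hashlib.md5(ipad + message).digest()
    return hashlib.md5(opad + inner).digest()


def verify_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recompute the tag and compare it in constant time."""
    return hmac.compare_digest(hmac_md5(key, message), tag)


def record_demo() -> dict:
    """Tag a constructed record, then check how verification behaves."""
    key = b"constructed-mac-key"            # constructed sample key
    record = b"constructed record payload"  # constructed sample data
    tag = hmac_md5(key, record)
    tampered = record.replace(b"payload", b"PAYLOAD")
    return {
        "matches_stdlib": tag == hmac.new(key, record, hashlib.md5).digest(),
        "accepts_original": verify_mac(key, record, tag),
        "accepts_tampered": verify_mac(key, tampered, tag),
        "accepts_wrong_key": verify_mac(b"other-key", record, tag),
        "equals_plain_md5": tag == hashlib.md5(record).digest(),
    }


if __name__ == "__main__":
    for name, value in record_demo().items():
        print(f"{name}: {value}")
```
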

For TLS, it has been proposed to start phasing out all use of MD5.

 
