Re: No More Passwords In The Clear in HTTP!

Phillip M. Hallam-Baker (hallam@dxal18.cern.ch)
Tue, 10 Jan 1995 16:18:24 +0100


In article <9D72@cernvm.cern.ch> you write:

|>I don't see how this proposal fixes this problem. It requires MD5 which
|>will require a license from RSA. How does this not fall into your class
|>2 space? As long as I am in that space, I would much prefer a protocol
|>which has been widely adopted by the financial community (e.g. SSL).

Nope, MD5 is a public domain algorithm, RSA put it there. so long as it is
refered to as the RSA blah de blah. Originally the code was non-commercial use
only but i think that is now changed as well - not that it would be a problem.

In any case MD5 is not the best hash to use SHA is better. Main thing to avoid
is MD4 though which is seriously compromised.

--
Phillip M. Hallam-Baker

Not Speaking for anyone else.