From owner-freebsd-arch Thu Mar 15 12:22:22 2001
Delivered-To: freebsd-arch@freebsd.org
Received: from molly.straylight.com (molly.straylight.com [209.68.199.242])
	by hub.freebsd.org (Postfix) with ESMTP id ED66237B718
	for ; Thu, 15 Mar 2001 12:22:18 -0800 (PST)
	(envelope-from jonathan@graehl.org)
Received: from dickie (case.straylight.com [209.68.199.244])
	by molly.straylight.com (8.11.0/8.10.0) with SMTP id f2FKMEE23805
	for ; Thu, 15 Mar 2001 12:22:14 -0800
From: "Jonathan Graehl"
To: "freebsd-Arch"
Subject: RE: ftpd SITE MD5 and "really bad links"
Date: Thu, 15 Mar 2001 12:21:50 -0800
Message-ID:
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
In-reply-to: <200103152003.PAA48601@khavrinen.lcs.mit.edu>
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Importance: Normal
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

A digest of the file would be significantly more useful if the FTP server had a
site key, and transmitted the digest plus the digest encrypted with that private
key. Then you would actually *know* you got the right file, as opposed to
knowing you got the file that somebody, not necessarily the FTP server, wanted
you to get ;)

RIPEMD160 looks credible at first glance, although I'm surprised it isn't an RFC
(2857 specifies using it with HMAC, though).

-Jon

> In article you write:
> >MD5 is also held to have some cryptographic weaknesses (compared to,
> >say, SHA-1 or Tiger); is the feeling that it is more than sufficient
> >against any conceivable systematic/accidental source of error not
> >specifically designed to exploit what weaknesses MD5 has?
>
> If such a command were being officially standardized, it would
> probably be called "DIGEST [offset [length]]"
> to allow for other types of message-digest algorithms, with a command
> to show the available digest types. (Apparently many European
> concerns will object to any message digest-using protocol that doesn't
> allow for RIPEMD160, regardless of whether it's actually
> security-sensitive.)
>
> I'd be happy to write this up as an RFC and take it through the
> process, if someone wants to implement it. (Obviously, the initial
> implementation should be "SITE DIGEST" and then we can change it if
> the unqualified version makes it through the Internet Standards
> Process.)
>
> -GAWollman
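
The site-key idea from the message above, sketched as an added example that is not part of the original thread or of any ftpd implementation: the server signs the file's digest with its private key, and the client checks that signature against the site's public key obtained out of band. The `openssl` CLI, RSA-2048, SHA-256, and all file and function names are assumptions chosen for this illustration.

```shell
#!/bin/sh
# Added illustration: a signed digest authenticates the file's origin,
# where a bare digest only detects accidental corruption.
# Assumptions: openssl CLI on PATH; RSA-2048 and SHA-256 are choices made here.

# Server, once: create the site key pair in directory $1.
site_keygen() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/site.key" 2>/dev/null &&
    openssl pkey -in "$1/site.key" -pubout -out "$1/site.pub" 2>/dev/null
}

# Server, per file: sign the SHA-256 digest of file $2 with private key $1,
# writing the detached signature to $3.
site_sign() {
    openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}

# Client: recompute the digest of downloaded file $2 and check signature $3
# against the site's public key $1. Exit status 0 means the signature is valid.
client_verify() {
    openssl dgst -sha256 -verify "$1" -signature "$3" "$2" >/dev/null 2>&1
}

# Constructed scenario: verify the genuine file, then a file altered in
# transit (someone who can alter the file can also recompute an unsigned digest).
demo() {
    d=$(mktemp -d) || return 2
    site_keygen "$d" || { rm -rf "$d"; return 2; }
    printf 'constructed sample release contents\n' > "$d/release.tar"
    site_sign "$d/site.key" "$d/release.tar" "$d/release.tar.sig" ||
        { rm -rf "$d"; return 2; }

    if client_verify "$d/site.pub" "$d/release.tar" "$d/release.tar.sig"
    then genuine=accepted; else genuine=rejected; fi

    printf 'x' >> "$d/release.tar"    # simulate substitution by a third party
    if client_verify "$d/site.pub" "$d/release.tar" "$d/release.tar.sig"
    then altered=accepted; else altered=rejected; fi

    rm -rf "$d"
    echo "$genuine $altered"
}

demo
```

The check is only as strong as the channel through which the client first obtained `site.pub`; a key fetched over the same unauthenticated FTP session gives no more assurance than the bare digest.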