Re: No More Passwords In The Clear in HTTP!

Phillip M. Hallam-Baker (hallam@dxal18.cern.ch)
Tue, 10 Jan 1995 16:18:24 +0100

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Paul Everitt: "Re: Web conferencing"
Previous message: hallam@alws.cern.ch: "FWD: Re: No More Passwords In The Clear in HTTP!"
Maybe in reply to: Daniel W. Connolly: "No More Passwords In The Clear in HTTP!"
Next in thread: wmperry@spry.com: "Re: No More Passwords In The Clear in HTTP!"

In article <9D72@cernvm.cern.ch> you write:

|>I don't see how this proposal fixes this problem. It requires MD5 which
|>will require a license from RSA. How does this not fall into your class
|>2 space? As long as I am in that space, I would much prefer a protocol
|>which has been widely adopted by the financial community (e.g. SSL).

Nope, MD5 is a public domain algorithm, RSA put it there. so long as it is
refered to as the RSA blah de blah. Originally the code was non-commercial use
only but i think that is now changed as well - not that it would be a problem.

In any case MD5 is not the best hash to use SHA is better. Main thing to avoid
is MD4 though which is seriously compromised.

-- Phillip M. Hallam-Baker

Not Speaking for anyone else.

Next message: Paul Everitt: "Re: Web conferencing"
Previous message: hallam@alws.cern.ch: "FWD: Re: No More Passwords In The Clear in HTTP!"
Maybe in reply to: Daniel W. Connolly: "No More Passwords In The Clear in HTTP!"
Next in thread: wmperry@spry.com: "Re: No More Passwords In The Clear in HTTP!"