I think I need to eat crow on the MD5 comment -- I was confused with SHA, which although has been attacked, is still holding up: http://www.schneier.com/blog/archives/2007/01/sha1_cracked.html Frank -----Original Message----- From: Steven M. Bellovin [mailto:smb@cs.columbia.edu] Sent: Tuesday, January 29, 2008 9:13 PM To: frnkblk@iname.com Cc: michael.dillon@bt.com; nanog@nanog.org Subject: Re: potential hazards of Protect-America act On Tue, 29 Jan 2008 20:28:05 -0600 "Frank Bulk" <frnkblk@iname.com> wrote:
Pretty good in the generalities, but there are few finer technical points that could be been precisely and accurately stated. One that comes to mind was the MD5 reference, another was the "50% loss" when talking about performing an optical split.
Speaking as one of the authors, we did our best. (But what do you mean about MD5? That was taken straight from the FOIAed FBI documents, and from conversations with people in law enforcement I'm quite certain that MD5 is still used -- inappropriately! -- in sensitive places.) --Steve Bellovin, http://www.cs.columbia.edu/~smb