[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: "Certification Authorities are recommended to stop using MD5 altogether"

Sam Morris <sam@robots.org.uk> writes:

> Maybe in a few years, NSS will have disabled the use of MD5 and the 
> ancient MD2 algorithm. I wonder how many other insecure algorithms are 
> still lurking in NSS, OpenSSL, GNU TLS, Java, etc...

In GnuTLS, we decided in 2005 that certificate signatures with MD5
should be rejected because MD5 was not a good hash function any more.


Reply to: