-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, Oct 23, 2000 at 11:49:38PM -0700, der.hans wrote:
> On 23 Oct 2000, Kevin Buettner chattered thus:
>
> >  - the /dev/random driver appears to be already doing something
> >    roughly equivalent to an md5sum. In fact, random.c contains the
> >    core of the MD5 algorithm. However, it is not being used.
> >    In its place, something called a SHA hash is used on the entropy
> >    pool to generate random numbers. If you prefer to use the MD5
> >    code, you can comment out the USE_SHA define. I imagine that
> >    there's a good reason for using the SHA hash instead of MD5;
>
> Went to an intrusion detection presentation at AZSAGE last week. The
> presenter said that SHA and MD5 are the two formats allowed by the courts,
> e.g. if you encrypt with something else they won't allow the evidence. She
> said there was a way to break MD5 in a matter of minutes, so SHA appears
> to be the way to go.
>
> I don't know enough to say whether or not she was right...
>

I don't know the specifics of the attack against MD5, but most people do
seem to think that SHA is much stronger.

> ciao,
>
> der.hans

- --
Nathan Saper (natedog@well.com) | http://www.well.com/user/natedog/
GnuPG (ElGamal/DSA): 0x9AD0F382 | PGP 2.x (RSA): 0x386C4B91
Standard PGP & PGP/MIME OK      | AOL Instant Messenger: linuxfu
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE59ncO2FWyBZrQ84IRAsVAAJ4jrNUb/UDUxfGSC0LMZ1rZ8JYDYgCfQshW
63xmr1oHCsOpMuyqwzTxrRo=
=l8I7
-----END PGP SIGNATURE-----