On Wed, 11 Dec 2002 20:40:02 +0100 Rainer Gerhards <rgerhardsat_private> wrote: > > I've read around that several implementations support some > > sort of hash for modification detection, could someone point > > me to the specs for these hash systems? are they based on a > > standard (rfc?) > > There is a RFC on MD5 > > http://www.ietf.org/rfc/rfc1321.txt > > However, I wonder if MD5 will acutally help in court as long it is not > protected inside a crypt sig - somebody out there with an opinion on > this? depends on the circumstances. in normal deployment in IPSec or SSL, you would use HMAC-MD5 or HMAC-SHA1, which are signed, and thus provide authentication of the source as well as modification detection. tje hmac algorithm is covered in http://www.ietf.org/rfc/rfc2104.txt richard -- Richard Welty rweltyat_private Averill Park Networking 518-573-7592 Unix, Linux, IP Network Engineering, Security _______________________________________________ LogAnalysis mailing list LogAnalysisat_private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Wed Dec 11 2002 - 14:44:59 PST