[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
CVS gsasl/lib
From: |
gsasl-commit |
Subject: |
CVS gsasl/lib |
Date: |
Sat, 01 Jan 2005 20:20:27 +0100 |
Update of /home/cvs/gsasl/lib
In directory dopio:/tmp/cvs-serv22732
Modified Files:
NEWS
Log Message:
Add.
--- /home/cvs/gsasl/lib/NEWS 2005/01/01 18:15:02 1.92
+++ /home/cvs/gsasl/lib/NEWS 2005/01/01 19:20:27 1.93
@@ -4,6 +4,13 @@
* Version 0.2.4 (unreleased)
+** The CRAM-MD5 mechanism is now preferred over DIGEST-MD5.
+This decision was based on recent public research that suggest MD5 is
+broken, while HMAC-MD5 not immediately compromised, and the lack of
+public analysis on what consequences the MD5 break have for
+DIGEST-MD5. Support for CRAM-SHA1 is under investigation, to enable
+users to avoid MD5 completely
+
** The DIGEST-MD5 mechanism is rewritten and enabled by default.
The implementation is written so it can be used separately from GNU
SASL in your own product, it only uses C89 and two external symbols
- CVS gsasl/lib, gsasl-commit, 2005/01/01
- CVS gsasl/lib, gsasl-commit, 2005/01/01
- CVS gsasl/lib,
gsasl-commit <=
- CVS gsasl/lib, gsasl-commit, 2005/01/01
- CVS gsasl/lib, gsasl-commit, 2005/01/01
- CVS gsasl/lib, gsasl-commit, 2005/01/01
- CVS gsasl/lib, gsasl-commit, 2005/01/01
- CVS gsasl/lib, gsasl-commit, 2005/01/04
- CVS gsasl/lib, gsasl-commit, 2005/01/04