MD5 is no more considered secure
Manlio Perillo
manlio.perillo at gmail.com
Thu Dec 17 17:46:31 CET 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi.
In the specification for the DSIG table, page 90 in the Open Font Format
specification, there is this item:
2. Hash the full stream of bytes using a secure one-way hash (such as
MD5) to create the content dig
Well, MD5 is *no more* considered secure:
http://en.wikipedia.org/wiki/MD5
Although MD5 is used just as an example, I propose that the text of the
specification should be changed, and another hash algorithm used.
Regards Manlio
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAksqYGcACgkQscQJ24LbaUTOCACcDoKRAOv1jXdUkv6Q9jKDFy+F
fcoAoJhLY9OhkAXZ0+U5zBtFEHceD5sI
=bqdx
-----END PGP SIGNATURE-----
More information about the mpeg-otspec
mailing list