|
|
|
|
|
|
by tptacek
4625 days ago
|
|
|
And now I'd like to say for the third time that no, there was no "just use MD5" meme in cryptography or in software development, and if TLS is an illustration of anything, it's of not simply leaning on MD5. Once again: the TLS protocol itself is not vulnerable because of MD5, and it's not vulnerable because its designers and implementors both knew about and accounted for the weaknesses of MD5. The author took the opposite lesson from TLS than the one that it actually demonstrates, and the commenter above is harping on that broken lesson. |
|
|
Thank you for your replies tptacek, I've learned much from this discussion. If I could edit my top comment, I would.