The gzip author also says that the availability of gzip might obviate
our need for MD5....
To: Nathaniel Borenstein <nsb(_at_)thumper(_dot_)bellcore(_dot_)com>
Subject: Re: Gzip spec available?
Date: Thu, 04 Mar 93 15:23:21 +0100
From: Jean-loup Gailly <jloup(_at_)chorus(_dot_)fr>
There's already a spec for using MD5 as a message integrity check
gzip uses a crc32 for integrity check. This is quite sufficient. MD5
is really overkill, it was designed only for cryptographic
applications.
On the other hand, I'd consider gzip overkill just to get integrity
checking. MD5 is not that slow, nor is it that large or difficult
to implement.
Yes, it can be used for integrity check but it is really
not worth slowing down the algorithm for no practical gain. Of course,
if you use public key cryptography to sign the messages you need MD5
anyway, but as you know all of public key cryptography is patented.
PKP even claims that the DSS is covered by their patents.
So? This is neither here nor there and doesn't really apply to MD5
for purposes of integrity checking.
Louis A. Mamakos
University of Maryland, College Park