hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sebb <seb...@gmail.com>
Subject Re: use of MD5 and security violations
Date Fri, 24 Oct 2008 01:37:27 GMT
On 24/10/2008, Lovette, Steve <steve.lovette@lmco.com> wrote:
> HC development community
>   As I understand it NIST FIPS 180-2 does not support the use of the MD5
>  algorithm for digest functions. In researching government security STIGS
>  this appears to be a security violation (i.e. vulnerability). However, I
>  see that it is still in use with the HC 3.1. So I am surprised and
>  suspecting that I am missing something. I don't see this issue addressed
>  on the Apache HC Web site or the code fixed.

In what respect does the use of MD5 make HC vulnerable?

>  Any insight would greatly appreciated.

I think you may have misunderstood the function of HttpClient.
HC is a client library for communicating with web-servers, and as such
follows the relevant HTTP RFCs.

What motivates your question?

>  Thank you, Steve

To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org

View raw message