[wsf-dev] 160 bit message id
John Kemp
john.kemp at mac.com
Mon Apr 30 16:52:25 EDT 2007
Hi Asa,
The idea (I think) is that it should be pretty unlikely to have two
implementations accidentally (or on purpose in the case of an attacker)
generate the same message ID.
Given that some implementations may do this by using a hashing algorithm
(which is one fairly common type of pseudo-random number generator);
that an MD5 hash generates (IIRC) a 128-bit value and SHA-1 a 160-bit
value, and further, that MD5 is now known to be vulnerable to
collision-based attacks (and SHA-1 to my knowledge is not - yet) I think
this is a hint that if you're doing pseudo-random numbers via a hashing
algorithm you shouldn't use anything less "strong" than SHA-1 to do it.
Regards,
- John
Asa Hardcastle wrote:
> Hi All,
>
> Does anyone know the origin of the 160 bit message id requirement in the
> <wsa:MessageID> header? Before I read that line I was thinking of using
> a 128 bit UUID.
>
> thanks,
>
> asa
>
>
>
>
> --
> Asa Hardcastle, Technical Lead, openLiberty
> Tel: +1.413.429.1044 Skype: subsystem7
>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> wsf-dev mailing list
> wsf-dev at openliberty.org
> http://lists.openliberty.org/mailman/listinfo/wsf-dev
More information about the wsf-dev
mailing list