Hello Gordon,

On Fri, 2017-01-27 at 10:26 -0800, Gordon Messmer wrote:
> Cryptographers still consider MD5 secure for HMAC use. Wikipedia's
> references (currently 6, 7, and 8) in this article are useful:
>
> https://en.wikipedia.org/wiki/Hash-based_message_authentication_code

https://en.wikipedia.org/wiki/MD5 seems to disagree:

"The security of the MD5 has been severely compromised, with its weaknesses having been exploited in the field, most infamously by the Flame malware in 2012. The CMU Software Engineering Institute considers MD5 essentially 'cryptographically broken and unsuitable for further use'."

SHA-1 is not as severely broken as MD5, so the argument that Schneier made in 2009 that SHA-1 is still suitable as an HMAC cannot necessarily be extended to MD5.

Regards,
Leonard.

-- 
mount -t life -o ro /dev/dna /genetic/research
On 01/27/2017 10:59 AM, Leonard den Ottolander wrote:
> https://en.wikipedia.org/wiki/MD5 seems to disagree:

No, it doesn't. That page links to RFC 6151, which notes:

"It is not urgent to stop using MD5 in other ways, such as HMAC-MD5"

There's nothing wrong with disabling hmac-md5 in your own configurations. I do it. But having it enabled is not considered by experts to be a flaw, and it should not be alarming.
On Fri, 2017-01-27 at 13:56 -0800, Gordon Messmer wrote:
> On 01/27/2017 10:59 AM, Leonard den Ottolander wrote:
> > https://en.wikipedia.org/wiki/MD5 seems to disagree:
>
> No, it doesn't. That page links to RFC 6151, which notes:
>
> "It is not urgent to stop using MD5 in other ways, such as HMAC-MD5"
>
> There's nothing wrong with disabling hmac-md5 in your own
> configurations. I do it. But having it enabled is not considered by
> experts to be a flaw, and it should not be alarming.

Six years have gone by since MD5 was considered broken. I find the fact that MD5 is still configured as the default HMAC alarming in itself, as it indicates a lack of proactiveness that we so bitterly need in this day and age of heartbleeds and the like. I consider it a faulty default.

This is a broken primitive. It needs to be phased out, so it should not be the default configuration. That's just common sense. No RFC can beat that ;-) .

Regards,
Leonard.

-- 
mount -t life -o ro /dev/dna /genetic/research
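The thread turns on a distinction that is easy to lose in the back-and-forth: MD5's known weakness is in collision resistance, while HMAC (RFC 2104) wraps the hash in two keyed passes, so an attacker never controls the start of either hash input and collision attacks on the bare hash do not translate directly into tag forgeries. The following example is added here and is not code from either poster. It builds HMAC from scratch over any hashlib digest, checks it against the RFC 2202 HMAC-MD5 test vectors and against Python's stdlib, and adds a small helper for the practical step Gordon mentions, removing hmac-md5 from a configured MAC list. The helper assumes an SSH-style comma-separated list of MAC names; the thread never says which software's configuration is meant, so that format and the sample names are assumptions.

```python
import hashlib
import hmac


def rfc2104_hmac(key: bytes, message: bytes, hash_name: str = "md5") -> bytes:
    """HMAC per RFC 2104: H((K ^ opad) || H((K ^ ipad) || m)).

    Both hash invocations start with a secret-derived block, so the
    attacker-chosen message never sits at the beginning of the hashed
    data. That keyed, nested structure is why the MD5 collision attacks
    discussed in the thread do not by themselves break HMAC-MD5.
    """
    h = hashlib.new(hash_name)
    block_size = h.block_size  # 64 bytes for MD5, SHA-1 and SHA-256
    if len(key) > block_size:
        key = hashlib.new(hash_name, key).digest()  # long keys are hashed first
    key = key.ljust(block_size, b"\x00")  # short keys are zero-padded
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.new(hash_name, ipad + message).digest()
    return hashlib.new(hash_name, opad + inner).digest()


def verify_tag(key: bytes, message: bytes, tag: bytes, hash_name: str = "md5") -> bool:
    """Constant-time comparison so tag checks do not leak timing information."""
    return hmac.compare_digest(rfc2104_hmac(key, message, hash_name), tag)


def matches_stdlib(key: bytes, message: bytes, hash_name: str) -> bool:
    """Cross-check the hand-rolled construction against Python's hmac module."""
    return rfc2104_hmac(key, message, hash_name) == hmac.new(key, message, hash_name).digest()


def drop_md5_macs(mac_list: str) -> str:
    """Remove MD5-based entries from a comma-separated MAC list.

    Assumption: the list uses SSH-style names such as "hmac-md5"; the thread
    only names hmac-md5 and does not say which configuration file is meant.
    """
    kept = [m for m in mac_list.split(",") if m.strip() and "md5" not in m.lower()]
    return ",".join(kept)


if __name__ == "__main__":
    # RFC 2202 test case 1: key = 0x0b * 16, data = "Hi There"
    tag = rfc2104_hmac(b"\x0b" * 16, b"Hi There", "md5")
    print("HMAC-MD5 (RFC 2202 #1):", tag.hex())
    print("stdlib agrees (sha256):", matches_stdlib(b"key", b"message", "sha256"))
    # Constructed sample MAC list; only the hmac-md5 name comes from the thread.
    print(drop_md5_macs("hmac-md5,hmac-sha1,hmac-sha2-256"))
```

The `drop_md5_macs` step is the one that actually addresses Leonard's complaint about defaults: whether or not HMAC-MD5 is theoretically sound today, removing it from the negotiable set costs nothing when every peer supports a SHA-2 MAC, and it is the kind of change a local configuration can make without waiting on an RFC.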