Re: [Cfrg] HMAC-MD5
On Wed, 29 Mar 2006 08:18:54 -0800, Paul Hoffman
<paul.hoffman at vpnc.org> wrote:
> At 3:26 PM +0100 3/29/06, Ben Laurie wrote:
> >Just an extra data point, I believe the latest s/w for collisions has it
> >down to just two seconds!
>
> Serious question: why is this a data point for the question about
> HMAC-MD5? What part of being able to make essentially as many
> collisions as you want as quickly as you want affects whether or not
> we should continue to use HMAC-MD5?
I interpreted it as a sign of how much better the attacks are getting --
people are looking at hash functions, and they're making progress on
attacks.

To be sure, from what I've heard the current attack technology doesn't
lend itself towards preimage attacks. But I'll quote David Wagner
(albeit to draw a different conclusion): we don't know as much about
hash functions as we'd like.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
_______________________________________________
Cfrg mailing list
Cfrg at ietf.org
https://www1.ietf.org/mailman/listinfo/cfrg