[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Cfrg] HMAC-MD5

To: cfrg at ietf.org
Subject: Re: [Cfrg] HMAC-MD5
From: michaelslists at gmail.com
Date: Wed, 29 Mar 2006 12:59:14 +1100
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=pzIpT1Aj2PJxv0AXUXA2wZpraN8RLvN/b9GKPAwqzEY1UaXytgWvBIV59xvcFwNj2Oecn3MALpq3DlQdW34AYgbOmc1NppCSXlq7nBzOzmpxZgzySJ/Td51ULOW12WSal4E42bW5syTdAZOGDXiKKsmZHtIEHp/ObpGgLG7WmUM=
In-reply-to: <7.0.0.16.2.20060328155157.05b69860@vigilsec.com>
List-help: <mailto:cfrg-request@ietf.org?subject=help>
List-id: Crypto Forum Research Group <cfrg.ietf.org>
List-post: <mailto:cfrg@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@ietf.org?subject=unsubscribe>
References: <7.0.0.16.2.20060328155157.05b69860@vigilsec.com>
Reply-to: michaelslists at gmail.com

I thought that HMAC-MD5 was vulnerable if the key is known? That is,
the underlying function is still broken, so why risk it?

Key management is hardly easy, so there no reason to give it extra weight ?

-- Michael


On 3/29/06, Russ Housley <housley at vigilsec.com> wrote:
> At the SAAG session last week, Sam and I were asked about
> HMAC-MD5.  Is it safe to keep using it?  Should we encourage people
> to use HMAC-SHA1 or HMAC-SHA256 instead?  Why?
>
> Please provide advice on this matter in the next two weeks.  We have
> on working group that needs this advice very soon.
>
> Russ
>
>
> _______________________________________________
> Cfrg mailing list
> Cfrg at ietf.org
> https://www1.ietf.org/mailman/listinfo/cfrg
>

_______________________________________________
Cfrg mailing list
Cfrg at ietf.org
https://www1.ietf.org/mailman/listinfo/cfrg

References:
- [Cfrg] HMAC-MD5
  - From: Russ Housley

Prev by Date: Re: [Cfrg] HMAC-MD5
Next by Date: RE: [Cfrg] HMAC-MD5
Previous by thread: Re: [Cfrg] HMAC-MD5
Next by thread: Re: [Cfrg] HMAC-MD5
Index(es):
- Date
- Thread