Re: [Cfrg] HMAC-MD5
"Steven M. Bellovin" <smb@cs.columbia.edu> Tue, 28 March 2006 23:11 UTC
Date: Tue, 28 Mar 2006 18:11:21 -0500
From: "Steven M. Bellovin" <smb@cs.columbia.edu>
To: Russ Housley <housley@vigilsec.com>
Subject: Re: [Cfrg] HMAC-MD5
Message-Id: <20060328181121.95e10f09.smb@cs.columbia.edu>
In-Reply-To: <7.0.0.16.2.20060328155157.05b69860@vigilsec.com>
References: <7.0.0.16.2.20060328155157.05b69860@vigilsec.com>
Organization: Columbia University
Cc: cfrg@ietf.org
On Tue, 28 Mar 2006 16:20:59 -0500, Russ Housley <housley@vigilsec.com> wrote:

> At the SAAG session last week, Sam and I were asked about
> HMAC-MD5. Is it safe to keep using it? Should we encourage people
> to use HMAC-SHA1 or HMAC-SHA256 instead? Why?
>
> Please provide advice on this matter in the next two weeks. We have
> one working group that needs this advice very soon.

There are no risks from HMAC-MD5 from collision attacks. Hash function design has suddenly become a very hot topic, though. Collision-finding attacks on MD5 have gotten a lot faster, and people are starting to look very hard at the basic design. I personally will not be surprised if a preimage attack is found in the next two or three years, in which case all bets are off. (I've made this statement before; others have disagreed with me on the likelihood of collision attacks.)

I'd rather avoid HMAC-MD5, just as a matter of future-proofing.

--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
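The reply above rests on the structure of HMAC: the message only ever enters the hash after a secret, key-derived state, so a message-only collision on the underlying hash does not by itself give a forgery, whereas a preimage break would. The following is an added illustration, not code from the thread or from any IETF document: it writes out the RFC 2104 construction so that keying order is visible, and wraps it in a tag format (the `alg:hex` layout and the `allow_legacy` flag are this example's own conventions) that emits HMAC-SHA256 and accepts HMAC-MD5 only during an explicit migration window.

```python
import hashlib
import hmac

# RFC 2104: HMAC(K, m) = H((K' xor opad) || H((K' xor ipad) || m)),
# where K' is the key padded (or first hashed, if too long) to one block.
# Note what reaches the inner hash first: the keyed block, never the
# attacker-chosen message with the public IV.
def hmac_rfc2104(key: bytes, msg: bytes, hash_name: str) -> bytes:
    block = hashlib.new(hash_name).block_size          # 64 for MD5/SHA-1/SHA-256
    if len(key) > block:
        key = hashlib.new(hash_name, key).digest()
    k = key.ljust(block, b"\x00")
    ipad = bytes(b ^ 0x36 for b in k)
    opad = bytes(b ^ 0x5C for b in k)
    inner = hashlib.new(hash_name, ipad + msg).digest()
    return hashlib.new(hash_name, opad + inner).digest()

# Cross-check against the standard library's HMAC (returns True on match).
def matches_stdlib(key: bytes, msg: bytes, hash_name: str) -> bool:
    return hmac.compare_digest(hmac_rfc2104(key, msg, hash_name),
                               hmac.new(key, msg, hash_name).digest())

# Migration policy following the thread's advice: always emit SHA-256,
# verify MD5/SHA-1 tags only while a legacy window is explicitly open.
ACCEPTED = {"md5", "sha1", "sha256"}
PREFERRED = "sha256"

def make_tag(key: bytes, msg: bytes, hash_name: str = PREFERRED) -> str:
    return f"{hash_name}:{hmac_rfc2104(key, msg, hash_name).hex()}"

def verify_tag(key: bytes, msg: bytes, tag: str, allow_legacy: bool = False) -> bool:
    name, _, hexdigest = tag.partition(":")
    if name not in ACCEPTED:
        return False
    if name != PREFERRED and not allow_legacy:
        return False
    expected = hmac_rfc2104(key, msg, name).hex()
    # Constant-time comparison so the check itself leaks nothing about the tag.
    return hmac.compare_digest(expected, hexdigest)

if __name__ == "__main__":
    # RFC 2202 test case 1 for HMAC-MD5: key = 0x0b * 16, data = "Hi There".
    print(hmac_rfc2104(b"\x0b" * 16, b"Hi There", "md5").hex())
    print(make_tag(b"constructed-key", b"constructed message"))
```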