[Cfrg] HMAC-MD5
vlastimil.klima at volny.cz
Wed Mar 29 03:51:08 EST 2006
I agree with Steven's "I'd rather avoid HMAC-MD5, just as a matter of
future-proofing". And more.
I am nearly sure that a preimage attack (MD5) will be found in the
next two or three years.
Vlastimil Klima
http:/cryptography.hyperlink.cz
----- ORIGINAL MESSAGE -----
From: "Steven M. Bellovin" <smb at cs.columbia.edu>
To: "Russ Housley" <housley at vigilsec.com>
Subject: Re: [Cfrg] HMAC-MD5
Date: 29.3.2006 - 1:11:25
> On Tue, 28 Mar 2006 16:20:59 -0500, Russ Housley <housley at vigilsec.com>
> wrote:
>
> > At the SAAG session last week, Sam and I were asked about HMAC-MD5. Is it
> > safe to keep using it? Should we encourage people to use HMAC-SHA1 or
> > HMAC-SHA256 instead? Why?
> >
> > Please provide advice on this matter in the next two weeks. We have one
> > working group that needs this advice very soon.
> >
> There are no risks from HMAC-MD5 from collision attacks. Hash function
> design has suddenly become a very hot topic, though. Collision-finding
> attacks on MD5 have gotten a lot faster, and people are starting to look
> very hard at the basic design. I personally will not be surprised if a
> preimage attack is found in the next two or three years, in which case all
> bets are off. (I've made this statement before; others have disagreed with
> me on the likelihood of collision attacks.) I'd rather avoid HMAC-MD5, just
> as a matter of future-proofing.
>
>
> --Steven M. Bellovin, http://www.cs.columbia.edu/~smb
>
---------------------------------------------------------------------
The Cryptography Mailing List
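As an added example, not part of the thread, the RFC 2104 construction the messages are discussing, written with the hash function as a parameter so that HMAC-MD5, HMAC-SHA1 and HMAC-SHA256 are visibly the same construction with only H swapped; the key sitting inside both hash calls is why an unkeyed collision on MD5 does not by itself give a tag collision. The RFC 2202 vector used below (key of sixteen 0x0b bytes, data "Hi There") is from that RFC, not from this thread.

```python
import hashlib
import hmac

# Added example (not from the thread): HMAC per RFC 2104,
#   HMAC(K, m) = H((K ^ opad) || H((K ^ ipad) || m))
# with H passed in, so the three variants Russ asks about differ only in H.

def hmac_rfc2104(key: bytes, msg: bytes, hash_ctor=hashlib.md5) -> bytes:
    block_size = hash_ctor().block_size        # 64 bytes for MD5, SHA-1, SHA-256
    if len(key) > block_size:
        key = hash_ctor(key).digest()          # RFC 2104: hash over-long keys first
    key = key.ljust(block_size, b"\x00")       # zero-pad short keys to one block
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    # The secret key fills the first block of both hash calls, so the attacker
    # never knows the chaining value the message is hashed under: a collision
    # found on plain H(m1) == H(m2) does not carry over to the keyed hash.
    inner = hash_ctor(ipad + msg).digest()
    return hash_ctor(opad + inner).digest()


def tag_with_all(key: bytes, msg: bytes) -> dict:
    """Same key and message under the three hashes named in the thread."""
    return {name: hmac_rfc2104(key, msg, ctor).hex()
            for name, ctor in (("HMAC-MD5", hashlib.md5),
                               ("HMAC-SHA1", hashlib.sha1),
                               ("HMAC-SHA256", hashlib.sha256))}


def matches_stdlib(key: bytes, msg: bytes) -> bool:
    """Cross-check the hand-written construction against Python's hmac module."""
    return all(hmac_rfc2104(key, msg, ctor) == hmac.new(key, msg, ctor).digest()
               for ctor in (hashlib.md5, hashlib.sha1, hashlib.sha256))


def verify_tag(key: bytes, msg: bytes, tag: bytes, hash_ctor=hashlib.sha256) -> bool:
    """Constant-time comparison so the verifier itself does not leak the tag."""
    return hmac.compare_digest(hmac_rfc2104(key, msg, hash_ctor), tag)


if __name__ == "__main__":
    # RFC 2202 test case 1: key = 16 bytes of 0x0b, data = "Hi There"
    key, msg = b"\x0b" * 16, b"Hi There"
    for name, hexdigest in tag_with_all(key, msg).items():
        print(f"{name:12} {hexdigest}")
    print("matches stdlib:", matches_stdlib(b"k" * 100, b"long key path"))
```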