[21652] in cryptography@c2.net mail archive
Re: [Cfrg] HMAC-MD5
daemon@ATHENA.MIT.EDU (vlastimil.klima@volny.cz)
Wed Mar 29 10:52:46 2006
X-Original-To: cryptography@metzdowd.com
From: vlastimil.klima@volny.cz
To: cryptography@metzdowd.com
Date: Wed, 29 Mar 2006 10:51:08 +0200 (CEST)
In-Reply-To: <20060328181121.95e10f09.smb@cs.columbia.edu>
I agree with Steven's "I'd rather avoid HMAC-MD5, just as a matter
of future-proofing". And more.
I am nearly sure that a preimage attack (MD5) will be found in the
next two or three years.
Vlastimil Klima
http://cryptography.hyperlink.cz
----- ORIGINAL MESSAGE -----
From: "Steven M. Bellovin" <smb@cs.columbia.edu>
To: "Russ Housley" <housley@vigilsec.com>
Subject: Re: [Cfrg] HMAC-MD5
Date: 29.3.2006 - 1:11:25
> On Tue, 28 Mar 2006 16:20:59 -0500, Russ Housley <housley@vigilsec.com> wrote:
>
> > At the SAAG session last week, Sam and I were asked about
> > HMAC-MD5. Is it safe to keep using it? Should we encourage people
> > to use HMAC-SHA1 or HMAC-SHA256 instead? Why?
> >
> > Please provide advice on this matter in the next two weeks. We have
> > one working group that needs this advice very soon.
> >
> There are no risks from HMAC-MD5 from collision attacks. Hash function
> design has suddenly become a very hot topic, though. Collision-finding
> attacks on MD5 have gotten a lot faster, and people are starting to look
> very hard at the basic design. I personally will not be surprised if a
> preimage attack is found in the next two or three years, in which case
> all bets are off. (I've made this statement before; others have disagreed
> with me on the likelihood of collision attacks.) I'd rather avoid
> HMAC-MD5, just as a matter of future-proofing.
>
> --Steven M. Bellovin, http://www.cs.columbia.edu/~smb