Author christian.heimes
Recipients christian.heimes, dmalcolm, sbt
Date 2013-02-20.20:43:14
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
The statement "MD5 should no longer be used for security purposes" is not entirely correct. MD5 should no longer be used as a cryptographic hash function for signatures. However, HMAC-MD5 is a different story.

   The attacks on HMAC-MD5 do not seem to indicate a practical
   vulnerability when used as a message authentication code.
   Therefore, it may not be urgent to remove HMAC-MD5 from the existing
   protocols.  However, since MD5 must not be used for digital
   signatures, for a new protocol design, a ciphersuite with HMAC-MD5
   should not be included.

I agree that we should slowly migrate to a more modern MAC such as HMAC-SHA256. AES-CBC is too hard to get right and most AES implementations are vulnerable to timing attacks, too.

How about we include the name of the MAC in multiprocessing's wire protocol and define "no MAC name given" as HMAC-MD5? Please don't call it SHA256 but HMAC-SHA256, too.
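An added illustration of the proposal above (example code written for this note, not multiprocessing's actual wire protocol): the challenge carries the MAC name, an empty name means HMAC-MD5 for backwards compatibility, and the verifier compares in constant time. The framing (name, colon, nonce) and the function names are assumptions.

```python
import hmac
import os
from typing import Optional, Tuple

# Wire-level MAC names mapped to hashlib digest names.  An absent name
# selects HMAC-MD5 so that old peers keep working (assumed design).
MAC_ALGORITHMS = {
    "HMAC-MD5": "md5",
    "HMAC-SHA256": "sha256",
}
DEFAULT_MAC = "HMAC-MD5"


def compute_mac(key: bytes, message: bytes, mac_name: Optional[str] = None) -> bytes:
    """Return the MAC of message under key using the named HMAC algorithm."""
    name = mac_name or DEFAULT_MAC
    # Unknown names raise KeyError: refuse rather than silently fall back.
    digestmod = MAC_ALGORITHMS[name]
    return hmac.new(key, message, digestmod).digest()


def make_challenge(mac_name: Optional[str] = None, nbytes: int = 20) -> bytes:
    """Server side: a challenge is '<mac name>:<random nonce>' (assumed framing)."""
    nonce = os.urandom(nbytes)
    return (mac_name or "").encode("ascii") + b":" + nonce


def parse_challenge(challenge: bytes) -> Tuple[Optional[str], bytes]:
    """Split a challenge into (mac name or None, nonce); the name never contains ':'."""
    name, _, nonce = challenge.partition(b":")
    return (name.decode("ascii") or None), nonce


def answer_challenge(key: bytes, challenge: bytes) -> bytes:
    """Client side: MAC the nonce with whichever algorithm the server named."""
    mac_name, nonce = parse_challenge(challenge)
    return compute_mac(key, nonce, mac_name)


def verify_response(key: bytes, challenge: bytes, response: bytes) -> bool:
    """Server side: recompute the expected MAC and compare in constant time."""
    mac_name, nonce = parse_challenge(challenge)
    expected = compute_mac(key, nonce, mac_name)
    return hmac.compare_digest(expected, response)
```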
History (Date / User / Action / Args):
2013-02-20 20:43:15 / christian.heimes / set / recipients: + christian.heimes, dmalcolm, sbt
2013-02-20 20:43:14 / christian.heimes / set / messageid: <>
2013-02-20 20:43:14 / christian.heimes / link / issue17258 messages
2013-02-20 20:43:14 / christian.heimes / create