This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author brainsik
Recipients brainsik, georg.brandl
Date 2009-02-11.00:39:49
SpamBayes Score 0.0010348657
Marked as misclassified No
Message-id <1234312792.25.0.547667950303.issue5212@psf.upfronthosting.co.za>
In-reply-to
Content
The HMAC module page [1] says:

Note: The md5 hash has known weaknesses but remains the default for
backwards compatibility. Choose a better one for your application.

However, according to the "Hash Collision Q&A" [2] linked to from the
hashlib module [3], md5 is not vulnerable when used in an HMAC:

Q: Do these attacks break HMAC using MD5 or SHA-1?
A: No. Because of the way hash functions are used in the HMAC
construction, the techniques used in these recent attacks do not apply.

It seems like the note is incorrect.

1. http://docs.python.org/library/hmac.html
2. http://www.cryptography.com/cnews/hash.html
3. http://docs.python.org/library/hashlib.html
History
Date User Action Args
2009-02-11 00:39:52brainsiksetrecipients: + brainsik, georg.brandl
2009-02-11 00:39:52brainsiksetmessageid: <1234312792.25.0.547667950303.issue5212@psf.upfronthosting.co.za>
2009-02-11 00:39:50brainsiklinkissue5212 messages
2009-02-11 00:39:50brainsikcreate