* Nikos Mavrogiannopoulos:

> That's what I say above. No real attacks exist although its security
> is questioned (ECRYPT II report on algorithms and key sizes). The text
> mentions: "The recent advances in the cryptanalysis of MD5 (see Section
> 10.3), and specifically HMAC-MD5 (e.g. [58, 143, 213, 83, 256]), suggest
> that implementers should move away from HMAC-MD5 as soon as possible."

Apparently, it's not yet possible. And there have been claims that the MD5 attacks do not apply at all to HMAC-MD5. The way HMAC-MD5 is used in TLS does not appear to be very demanding, either (a commitment scheme could be worse, for instance).

--
Florian Weimer <fwei...@bfk.de>
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99