Michael Sideris <[email protected]> wrote:

> It seems that changing to hmac-md5 boosted network throughput from
> ~50Mbit/s to ~100Mbit/s which is decent and reasonable. I am going to
> experiment a bit further with `scrub` options in pf.conf to see if I
> can squeeze more performance out of the link. The question now
> is....how much is security affected by using hmac-md5 vs the default
> hmac-sha2-256?
At present, negligibly. The HMAC construction uses MD5 in a way that it is not affected by the known MD5 vulnerabilities. A difference is that the HMAC-MD5 authentication tags are truncated to 96 bits, the HMAC-SHA256 ones to 128 bits, but this doesn't have practical relevance either.

Note that SSH continues to use (untruncated) hmac-md5 by default.

Of course, if you are setting up something where you'll be stuck with the chosen algorithms for the next 15 years, you may want to use something with a bigger security margin.

-- 
Christian "naddy" Weisgerber [email protected]
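The keyed construction and the tag truncation discussed in the reply above, as an added example that is not part of the original message: HMAC written out per RFC 2104, with tags cut to the 96-bit and 128-bit lengths the reply mentions. The function names, the key and the sample payload are assumptions constructed for illustration.

```python
import hashlib
import hmac


def hmac_rfc2104(key: bytes, msg: bytes, hash_name: str) -> bytes:
    """HMAC per RFC 2104: H((K ^ opad) || H((K ^ ipad) || msg)).

    The hash is only ever applied to key-prefixed input, so a verifier
    never hashes data an attacker fully controls.
    """
    block_size = hashlib.new(hash_name).block_size  # 64 for MD5 and SHA-256
    if len(key) > block_size:
        key = hashlib.new(hash_name, key).digest()  # long keys are hashed first
    key = key.ljust(block_size, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.new(hash_name, ipad + msg).digest()
    return hashlib.new(hash_name, opad + inner).digest()


def truncated_tag(key: bytes, msg: bytes, hash_name: str, tag_bits: int) -> bytes:
    """Keep only the leftmost tag_bits of the full HMAC output."""
    return hmac_rfc2104(key, msg, hash_name)[: tag_bits // 8]


def verify(key: bytes, msg: bytes, tag: bytes, hash_name: str, tag_bits: int) -> bool:
    """Recompute the truncated tag and compare in constant time."""
    return hmac.compare_digest(truncated_tag(key, msg, hash_name, tag_bits), tag)


def demo() -> dict:
    key = bytes(range(16))                       # constructed sample key
    msg = b"constructed sample packet payload"   # constructed sample data
    out = {}
    for name, bits in (("md5", 96), ("sha256", 128)):
        tag = truncated_tag(key, msg, name, bits)
        tampered = msg[:-1] + b"X"
        out[name] = {
            "tag_bytes": len(tag),
            "accepts_original": verify(key, msg, tag, name, bits),
            "accepts_tampered": verify(key, tampered, tag, name, bits),
        }
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```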

