[cryptography] MD5 in MACs in SSL

Samuel Neves sneves at dei.uc.pt
Tue Sep 13 19:46:58 EDT 2011

On 13-09-2011 16:16, Ralph Holz wrote:
> Hi,
> I'm wondering about the use of MD5 in SSL MACs. We see that quite often
> here. What is your take on it?
> Given that SSL includes replay protection for its session keys, it does
> not seem to give an attacker any useful time window, but am I missing
> something maybe?
> Ralph

MACs (read: HMAC) tend to rely on the hash function's second preimage
resistance; collision resistance is not a very big deal. MD5 should be
fine, although not recommended.
Samuel Neves

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20110913/22279c02/attachment.html>

More information about the cryptography mailing list