[Dnssec-deployment] Root key roll questions, was Re: DNSSEC4J...

bert hubert bert.hubert at netherlabs.nl
Wed Feb 1 09:44:59 EST 2012


On Wed, Feb 01, 2012 at 03:27:11PM +0100, Roland van Rijswijk wrote:
> Thus, RSA-MD5 should be considered broken but so should DSA-MD5 and any
> other signature algorithm that uses MD5 (e.g.  HMAC-MD5).

"Many systems continue to use HMAC-MD5 because a collision alone is not
enough to compromise it. Because of the way the key is applied in HMAC, an
attacker would have to generate an internal collision with the secret key,
which is much harder than colliding with a chosen message"

The urgency for replacing HMAC-MD5 is a lot lower than that for plain
MD5-based signatures.

	Bert

http://seclists.org/pen-test/2005/Nov/18 &
http://rdist.root.org/2009/10/29/stop-using-unsafe-keyed-hashes-use-hmac/
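
The point quoted above, as an added example that is not part of the original post: HMAC-MD5 written out per RFC 2104 and run over the published Wang et al. MD5 collision pair. The demo key and the secret-suffix MAC used for contrast are assumptions chosen for illustration.

```python
import hashlib
import hmac

BLOCK = 64  # MD5 block size in bytes


def hmac_md5(key: bytes, msg: bytes) -> bytes:
    """HMAC-MD5 spelled out per RFC 2104 to show where the key enters."""
    if len(key) > BLOCK:
        key = hashlib.md5(key).digest()
    key = key.ljust(BLOCK, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    # The keyed ipad block is compressed first, so the message is hashed
    # from a secret chaining value instead of MD5's public IV.
    inner = hashlib.md5(ipad + msg).digest()
    return hashlib.md5(opad + inner).digest()


def suffix_mac(key: bytes, msg: bytes) -> bytes:
    """Hypothetical naive keyed hash MD5(msg || key), for contrast only."""
    return hashlib.md5(msg + key).digest()


# Published MD5 collision (Wang et al., 2004): two 128-byte messages.
M1 = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70"
)
# The second message differs from the first only in the top bit of six bytes.
DIFF_OFFSETS = (19, 45, 59, 83, 109, 123)
M2 = bytes(b ^ 0x80 if i in DIFF_OFFSETS else b for i, b in enumerate(M1))


def compare(key: bytes = b"constructed-demo-key") -> dict:
    """Report which constructions give the same output for M1 and M2."""
    return {
        "plain_md5": hashlib.md5(M1).digest() == hashlib.md5(M2).digest(),
        # Both messages are exactly two blocks, so the identical chaining
        # value carries over when the key is appended afterwards.
        "suffix_mac": suffix_mac(key, M1) == suffix_mac(key, M2),
        # Under HMAC the messages start from a key-dependent state, so the
        # public-IV collision no longer applies.
        "hmac_md5": hmac_md5(key, M1) == hmac_md5(key, M2),
    }


if __name__ == "__main__":
    print(compare())
```
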


