[Dnssec-deployment] Root key roll questions, was Re: DNSSEC4J...
Roland van Rijswijk
Roland.vanRijswijk at surfnet.nl
Wed Feb 1 09:57:16 EST 2012
On 1 feb 2012, at 15:44, bert hubert wrote:
> On Wed, Feb 01, 2012 at 03:27:11PM +0100, Roland van Rijswijk wrote:
>> Thus, RSA-MD5 should be considered broken but so should DSA-MD5 and any
>> other signature algorithm that uses MD5 (e.g. HMAC-MD5).
>
> "Many systems continue to use HMAC-MD5 because a collision alone is not
> enough to compromise it. Because of the way the key is applied in HMAC, an
> attacker would have to generate an internal collision with the secret key,
> which is much harder than colliding with a chosen message"
>
> The urgency for replacing HMAC-MD5 is a lot lower than that for plain
> MD5-based signatures.
>
> Bert
>
> http://seclists.org/pen-test/2005/Nov/18 &
> http://rdist.root.org/2009/10/29/stop-using-unsafe-keyed-hashes-use-hmac/

I stand corrected ;-)

Cheers,
Roland
-- Roland M. van Rijswijk
-- SURFnet Middleware Services
-- t: +31-30-2305388
-- e: roland.vanrijswijk at surfnet.nl
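
Added example (not part of the original thread, and not code from either poster): the quoted point about HMAC-MD5, checked against the published Wang et al. MD5 collision pair. KEY and the function names are assumptions made for the illustration; the block goes one step beyond the thread by also showing a secret-suffix MAC, MD5(msg || key), for contrast.

```python
import hashlib

# Published MD5 collision pair (Wang et al., 2004): two 128-byte messages
# that differ in six bytes. Public test vector, embedded so this runs offline.
A = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70")
B = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70")

KEY = b"constructed-demo-key"  # assumption: sample secret, not from the thread
BLOCK = 64                     # MD5 block size in bytes


def md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()


def suffix_mac(key: bytes, msg: bytes) -> bytes:
    """Naive keyed hash MD5(msg || key): the key is mixed in after the message."""
    return md5(msg + key)


def hmac_md5(key: bytes, msg: bytes) -> bytes:
    """HMAC per RFC 2104: the padded key is hashed in before the message."""
    if len(key) > BLOCK:
        key = md5(key)
    key = key.ljust(BLOCK, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    return md5(opad + md5(ipad + msg))


def compare(key: bytes = KEY) -> dict:
    """Report which constructions give A and B the same digest or tag."""
    return {
        "plain_md5_collides": md5(A) == md5(B),
        "suffix_mac_collides": suffix_mac(key, A) == suffix_mac(key, B),
        "hmac_md5_collides": hmac_md5(key, A) == hmac_md5(key, B),
    }


if __name__ == "__main__":
    for name, result in compare().items():
        print(f"{name}: {result}")
```

The pair collides from MD5's fixed initial state, so the collision survives any appended suffix, including a secret one; in HMAC the inner hash processes the key block first, so the message is hashed from a state the attacker does not know and the precomputed pair no longer collides.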