[Dnssec-deployment] Root key roll questions, was Re: DNSSEC4J...

Roland van Rijswijk Roland.vanRijswijk at surfnet.nl
Wed Feb 1 09:57:16 EST 2012


On 1 feb 2012, at 15:44, bert hubert wrote:

> On Wed, Feb 01, 2012 at 03:27:11PM +0100, Roland van Rijswijk wrote:
>> Thus, RSA-MD5 should be considered broken but so should DSA-MD5 and any
>> other signature algorithm that uses MD5 (e.g.  HMAC-MD5).
> 
> "Many systems continue to use HMAC-MD5 because a collision alone is not
> enough to compromise it. Because of the way the key is applied in HMAC, an
> attacker would have to generate an internal collision with the secret key,
> which is much harder than colliding with a chosen message"
> 
> The urgency for replacing HMAC-MD5 is a lot lower than that for plain
> MD5-based signatures.
> 
> 	Bert
> 
> http://seclists.org/pen-test/2005/Nov/18 &
> http://rdist.root.org/2009/10/29/stop-using-unsafe-keyed-hashes-use-hmac/


I stand corrected ;-)

Cheers,

Roland

-- Roland M. van Rijswijk
-- SURFnet Middleware Services
-- t: +31-30-2305388
-- e: roland.vanrijswijk at surfnet.nl
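
The point quoted above, as an added example that is not part of the original thread: a collision on the bare hash (what an MD5-based signature covers) does not carry over to HMAC, because the key is hashed in before the message. `toy_hash`, its 8-byte block and 32-bit state, and the demo key are constructed stand-ins so that a collision can be found in about a second; `hmac_rfc2104` follows RFC 2104 and also works with real MD5 at block size 64.

```python
import hashlib
from itertools import count

BLOCK, STATE = 8, 4  # toy sizes (constructed): 8-byte blocks, 32-bit chaining value

def md5(msg: bytes) -> bytes:
    return hashlib.md5(msg).digest()

def toy_hash(msg: bytes) -> bytes:
    """Merkle-Damgard hash shaped like MD5, but with a 32-bit state so that
    collisions are cheap to find. Constructed for this demo only."""
    pad = b"\x80" + b"\x00" * (-(len(msg) + 5) % BLOCK) + len(msg).to_bytes(4, "big")
    state = b"\x00" * STATE
    data = msg + pad
    for i in range(0, len(data), BLOCK):
        # Toy compression function: MD5 of (state || block), truncated.
        state = md5(state + data[i:i + BLOCK])[:STATE]
    return state

def hmac_rfc2104(H, block: int, key: bytes, msg: bytes) -> bytes:
    """HMAC as defined in RFC 2104, for any hash H with the given block size."""
    if len(key) > block:
        key = H(key)
    key = key.ljust(block, b"\x00")
    inner = H(bytes(b ^ 0x36 for b in key) + msg)   # key enters before the message
    return H(bytes(b ^ 0x5C for b in key) + inner)  # and again around the inner digest

def find_collision():
    """Birthday search for two distinct one-block messages with equal toy_hash."""
    seen = {}
    for n in count():
        msg = n.to_bytes(BLOCK, "big")
        digest = toy_hash(msg)
        if digest in seen:
            return seen[digest], msg
        seen[digest] = msg

def demo(key: bytes = b"constructed-demo-key"):
    m1, m2 = find_collision()
    tag1 = hmac_rfc2104(toy_hash, BLOCK, key, m1)
    tag2 = hmac_rfc2104(toy_hash, BLOCK, key, m2)
    # The pair collides on the bare hash, but the keyed inner hash starts from a
    # secret-dependent chaining value, so the same pair yields different tags.
    return {"plain_collides": toy_hash(m1) == toy_hash(m2),
            "hmac_collides": tag1 == tag2}

if __name__ == "__main__":
    print(demo())
```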


