Bug#623001: libgnutls26: fails to handshake on a number of sites (firefox works)
Florian Weimer
fweimer at bfk.de
Tue Apr 26 16:18:49 CEST 2011
* Nikos Mavrogiannopoulos:
> That's what I say above. No real attacks exist although its security
> is questioned (ECRYPT II report on algorithms and key sizes). The text
> mentions: "The recent advances in the cryptanalysis of MD5 (see Section
> 10.3), and specifically HMAC-MD5 (e.g. [58, 143, 213, 83, 256]), suggest
> that implementers should move away from HMAC-MD5 as soon as possible."
Apparently, it's not yet possible. And there have been claims that
the MD5 attacks do not apply at all to HMAC-MD5. The way HMAC-MD5 is
used in TLS does not appear to be very demanding, either (a commitment
scheme could be worse, for instance).
--
Florian Weimer <fweimer at bfk.de>
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99