Bug#623001: libgnutls26: fails to handshake on a number of sites (firefox works)

Florian Weimer fweimer at bfk.de
Tue Apr 26 16:18:49 CEST 2011

* Nikos Mavrogiannopoulos:

> That's what I say above. No real attacks exist although its security
> is questioned (ECRYPT II report on algorithms and key sizes). The text
> mentions: "The recent advances in the cryptanalysis of MD5 (see Section
> 10.3), and specifically HMAC-MD5 (e.g. [58, 143, 213, 83, 256]), suggest
> that implementers should move away from HMAC-MD5 as soon as possible."

Apparently, it's not yet possible.  And there have been claims that
the MD5 attacks do not apply at all to HMAC-MD5.  The way HMAC-MD5 is
used in TLS does not appear to be very demanding, either (a commitment
scheme could be worse, for instance).

Florian Weimer                <fweimer at bfk.de>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99
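To make the point about "the way HMAC-MD5 is used in TLS" concrete, here is an added example (not part of the thread, not GnuTLS code) that builds HMAC-MD5 from plain MD5 calls as RFC 2104 specifies and then uses it the way a TLS 1.0/1.1 record layer does (RFC 2246, section 6.2.3.1): the MAC covers a 64-bit sequence number, the record type, the protocol version and the length before the fragment, all under a secret MAC key. The key, version bytes and fragments below are constructed sample values.

```python
import hashlib
import hmac

BLOCK_SIZE = 64  # MD5 compresses 512-bit (64-byte) blocks


def hmac_md5_manual(key: bytes, message: bytes) -> bytes:
    """HMAC-MD5 per RFC 2104, spelled out with two plain MD5 calls.

    The inner hash starts from a chaining value derived from the secret
    key (ipad block), so a collision found for MD5 with the public fixed
    IV does not carry over: an attacker does not know the state that the
    message blocks are fed into.
    """
    if len(key) > BLOCK_SIZE:
        key = hashlib.md5(key).digest()
    key = key.ljust(BLOCK_SIZE, b"\x00")
    ipad = bytes(k ^ 0x36 for k in key)
    opad = bytes(k ^ 0x5C for k in key)
    inner = hashlib.md5(ipad + message).digest()
    return hashlib.md5(opad + inner).digest()


def matches_stdlib(key: bytes, message: bytes) -> bool:
    """Cross-check the manual construction against the hmac module."""
    expected = hmac.new(key, message, hashlib.md5).digest()
    return hmac.compare_digest(hmac_md5_manual(key, message), expected)


def tls_record_mac(mac_key: bytes, seq_num: int, content_type: int,
                   version: bytes, fragment: bytes) -> bytes:
    """MAC for one TLS 1.0/1.1 record (RFC 2246, 6.2.3.1).

    HMAC_hash(MAC_write_secret, seq_num + type + version + length + fragment)
    The implicit sequence number makes every record's MAC input unique,
    even when two records carry byte-identical plaintext.
    """
    header = (seq_num.to_bytes(8, "big")
              + bytes([content_type])
              + version
              + len(fragment).to_bytes(2, "big"))
    return hmac_md5_manual(mac_key, header + fragment)


def same_fragment_different_mac(mac_key: bytes, fragment: bytes) -> bool:
    """Two application_data records with the same payload but consecutive
    sequence numbers must authenticate to different tags."""
    tls10 = b"\x03\x01"          # TLS 1.0 version bytes
    application_data = 23        # ContentType.application_data
    mac0 = tls_record_mac(mac_key, 0, application_data, tls10, fragment)
    mac1 = tls_record_mac(mac_key, 1, application_data, tls10, fragment)
    return mac0 != mac1


if __name__ == "__main__":
    # Constructed sample key and payload, not values from a real session.
    key = bytes(range(16))
    print(hmac_md5_manual(b"key", b"The quick brown fox jumps over the lazy dog").hex())
    print(matches_stdlib(key, b"GET / HTTP/1.0\r\n\r\n"))
    print(same_fragment_different_mac(key, b"GET / HTTP/1.0\r\n\r\n"))
```

The record-layer part is where the "not very demanding" remark lands: the MAC is keyed, prefixed by a counter and header the peer does not choose, and the fragment is the only attacker-influenced part, which is a much weaker position for a collision-style attack than a commitment scheme, where the party constructing the message controls the entire hash input.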
