[erlang-questions] OpenSSL 1.0 removed md2 and this affects Erlang/OTP builds.

Jesper Louis Andersen jesper.louis.andersen@REDACTED
Wed Oct 5 14:40:41 CEST 2011


On Wed, Oct 5, 2011 at 14:24, Attila Rajmund Nohl
<attila.r.nohl@REDACTED> wrote:
> 2011/10/5, Jesper Louis Andersen <jesper.louis.andersen@REDACTED>:
> [...]
>> On the same basis: When do we get to ditch MD5 and SHA1?
>
> They are used by SNMPv3 so I don't think it's that easy to ditch them...

I was probably too harsh in my choice of words. What I'd like is to
have the cryptographic algorithm have the back seat and the concept
(message digests) having the driver's seat. So you are going to say "I
want a message digest algorithm, specifically this one" or "I want a
MAC, specifically an HMAC-SHA1". I am aware you can't get rid of MD5,
even though it shouldn't be used for anything new. Good cryptographic
design today makes it easy to change one algorithm for another,
because it will effectively nullify many weaknesses. I'd like an API
which makes this idea easy to implement.

> As far as I know, it is possible to generate two sets of binary data
> that have the same MD5 digest.

Yep, that is 2nd preimage resistance broken. A message digest
algorithm is not injective, but we would like to get as close to an
injective function as possible.

> Again, as far as I know, the SNMPv3
> packet format is not quite like this, so I'm not sure we can say that
> MD5 authentication is broken for SNMPv3. I definitely would like to
> keep MD5 in the future.

In SNMPv3, you may be referring to HMAC-MD5, which is a Hash-based
Message Authentication Code. HMAC-MD5 does not suffer from the 2nd
preimage resistance weakness directly, so it is relatively safe to use
in that specific case.

-- 
J.
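The "ask for a message digest, specifically this one" API shape Jesper describes above, sketched as an added Erlang example that is not from the thread or from OTP itself: new values are always produced with the current algorithm and carry its name, so a stored MD5 digest can still be verified while nothing new is created with it. It assumes a modern OTP (crypto:mac/4 from OTP 22.1, crypto:hash_equals/2 from OTP 25); the module name, the sample key and message are constructed.

```erlang
%% digest_agile.erl: algorithm-tagged digests and HMACs (added example, not OTP code).
-module(digest_agile).
-export([digest/1, verify_digest/2, mac/2, verify_mac/3, demo/0]).

%% The one algorithm used for anything new. Changing it is the whole migration.
-define(CURRENT, sha256).
%% Algorithms still accepted when checking existing data; md5 stays for legacy only.
-define(ACCEPTED, [sha256, sha, md5]).

%% A digest is returned together with the algorithm that produced it, so the
%% value stays checkable after ?CURRENT moves on.
digest(Data) ->
    {?CURRENT, crypto:hash(?CURRENT, Data)}.

%% Verification recomputes with the tagged algorithm and compares in constant
%% time; tags outside the accepted list are rejected without hashing anything.
verify_digest({Alg, Expected}, Data) ->
    case lists:member(Alg, ?ACCEPTED) of
        true  -> crypto:hash_equals(crypto:hash(Alg, Data), Expected);
        false -> false
    end.

%% Same shape for the MAC: "I want an HMAC, specifically over this hash".
mac(Key, Msg) ->
    {?CURRENT, crypto:mac(hmac, ?CURRENT, Key, Msg)}.

verify_mac({Alg, Expected}, Key, Msg) ->
    case lists:member(Alg, ?ACCEPTED) of
        true  -> crypto:hash_equals(crypto:mac(hmac, Alg, Key, Msg), Expected);
        false -> false
    end.

%% Constructed sample run: an old MD5-tagged digest still verifies, new output
%% is sha256, and a tampered message fails regardless of the tag.
demo() ->
    Msg = <<"constructed sample message">>,
    Key = <<"constructed sample key">>,
    Legacy = {md5, crypto:hash(md5, Msg)},
    true = verify_digest(Legacy, Msg),
    {sha256, _} = New = digest(Msg),
    false = verify_digest(New, <<"tampered message">>),
    false = verify_digest({sha3_256, <<0:256>>}, Msg),   % not in ?ACCEPTED
    true = verify_mac(mac(Key, Msg), Key, Msg),
    ok.
```

Run with `erlc digest_agile.erl && erl -noshell -eval 'ok = digest_agile:demo(), halt().'`; retiring MD5 later means deleting one atom from `?ACCEPTED`, not touching callers.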


