[New-bugs-announce] [issue5212] Incorrect note about md5 in hmac module documentation
.:. brainsik
report at bugs.python.org
Wed Feb 11 01:39:52 CET 2009
New submission from .:. brainsik <spork-python at theory.org>:
The HMAC module page [1] says:
Note: The md5 hash has known weaknesses but remains the default for
backwards compatibility. Choose a better one for your application.
However, according to the "Hash Collision Q&A" [2] linked to from the
hashlib module [3], md5 is not vulnerable when used in an HMAC:
Q: Do these attacks break HMAC using MD5 or SHA-1?
A: No. Because of the way hash functions are used in the HMAC
construction, the techniques used in these recent attacks do not apply.
It seems like the note is incorrect.
1. http://docs.python.org/library/hmac.html
2. http://www.cryptography.com/cnews/hash.html
3. http://docs.python.org/library/hashlib.html
----------
assignee: georg.brandl
components: Documentation
messages: 81615
nosy: brainsik, georg.brandl
severity: normal
status: open
title: Incorrect note about md5 in hmac module documentation
type: security
versions: Python 2.5, Python 2.6, Python 3.0
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue5212>
_______________________________________
More information about the New-bugs-announce
mailing list