[issue17258] multiprocessing.connection challenge implicitly uses MD5
Christian Heimes
report at bugs.python.org
Wed Feb 20 21:43:14 CET 2013
Christian Heimes added the comment:
The statement "MD5 should no longer be used for security purposes" is not entirely correct. MD5 should no longer be used as a cryptographic hash function for signatures. However, HMAC-MD5 is a different story.
From https://tools.ietf.org/html/rfc6151
The attacks on HMAC-MD5 do not seem to indicate a practical
vulnerability when used as a message authentication code.
[...]
Therefore, it may not be urgent to remove HMAC-MD5 from the existing
protocols. However, since MD5 must not be used for digital
signatures, for a new protocol design, a ciphersuite with HMAC-MD5
should not be included.
I agree that we should slowly migrate to a more modern MAC such as HMAC-SHA256. AES-CBC is too hard to get right and most AES implementations are vulnerable to timing attacks, too.
How about we include the name of the MAC in multiprocessing's wire protocol and define "no MAC name given" as HMAC-MD5? Please don't call it SHA256 but HMAC-SHA256, too.
----------
nosy: +christian.heimes
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue17258>
_______________________________________
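To make the negotiation proposed in the comment above concrete, here is an added illustration of a challenge/response handshake that carries the MAC name on the wire and treats a missing name as HMAC-MD5. It is example code written for this page, not code from CPython or from the multiprocessing module; the framing markers, the `name:` separator, the nonce length and the function names are assumptions for the example. The verification step uses hmac.compare_digest so the comparison does not leak timing information.

```python
import hashlib
import hmac
import os

# Constructed framing for this example; it is NOT the wire format that
# multiprocessing.connection actually uses.
CHALLENGE = b"#CHALLENGE#"
WELCOME = b"#WELCOME#"
FAILURE = b"#FAILURE#"

# MAC names this example understands. Per the proposal in the comment,
# a challenge that carries no name means the legacy HMAC-MD5.
SUPPORTED_MACS = {"hmac-md5": hashlib.md5, "hmac-sha256": hashlib.sha256}
DEFAULT_MAC = "hmac-md5"
NONCE_LEN = 20  # assumed nonce size for this example


def build_challenge(mac_name=None):
    """Server side: build the challenge message and return (wire, nonce).

    With mac_name=None the legacy form without a MAC name is emitted, so
    an old client that only knows HMAC-MD5 can still answer it."""
    nonce = os.urandom(NONCE_LEN)
    if mac_name is None:
        return CHALLENGE + nonce, nonce
    if mac_name not in SUPPORTED_MACS:
        raise ValueError("unsupported MAC: %r" % mac_name)
    return CHALLENGE + mac_name.encode("ascii") + b":" + nonce, nonce


def parse_challenge(wire):
    """Split a challenge into (mac_name, nonce).

    A known name followed by ':' selects that MAC; anything else is the
    legacy form and the whole body is the nonce for HMAC-MD5.  (A random
    nonce starting with a known "name:" prefix is astronomically unlikely
    but would be misparsed; a real protocol should use unambiguous framing.)"""
    if not wire.startswith(CHALLENGE):
        raise ValueError("not a challenge message")
    body = wire[len(CHALLENGE):]
    for name in SUPPORTED_MACS:
        prefix = name.encode("ascii") + b":"
        if body.startswith(prefix):
            return name, body[len(prefix):]
    return DEFAULT_MAC, body


def answer_challenge(wire, authkey):
    """Client side: MAC the nonce with the negotiated algorithm."""
    mac_name, nonce = parse_challenge(wire)
    return hmac.new(authkey, nonce, SUPPORTED_MACS[mac_name]).digest()


def verify_answer(mac_name, nonce, answer, authkey):
    """Server side: recompute the MAC and compare in constant time."""
    digestmod = SUPPORTED_MACS[mac_name or DEFAULT_MAC]
    expected = hmac.new(authkey, nonce, digestmod).digest()
    return hmac.compare_digest(expected, answer)


def handshake(server_mac, server_key, client_key):
    """Run both sides in-process and return (verdict, mac_used, tag_len)."""
    wire, nonce = build_challenge(server_mac)
    answer = answer_challenge(wire, client_key)
    verdict = WELCOME if verify_answer(server_mac, nonce, answer, server_key) else FAILURE
    return verdict, parse_challenge(wire)[0], len(answer)


if __name__ == "__main__":
    key = b"shared-authkey"  # constructed sample key
    print(handshake(None, key, key))           # legacy peer: HMAC-MD5, 16-byte tag
    print(handshake("hmac-sha256", key, key))  # negotiated HMAC-SHA256, 32-byte tag
    print(handshake("hmac-sha256", key, b"wrong-key"))  # authentication fails
```

The server decides which name to send, so rolling out HMAC-SHA256 is a server-side change while old clients keep working against the legacy no-name challenge; once every peer understands the named form, the default can be flipped.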