On Fri, 2017-01-27 at 13:56 -0800, Gordon Messmer wrote: > On 01/27/2017 10:59 AM, Leonard den Ottolander wrote: > > https://en.wikipedia.org/wiki/MD5 seems to disagree: > > > No, it doesn't. That page links to RFC 6151, which notes: > > "It is not urgent to stop using MD5 in other ways, such as HMAC-MD5" > > There's nothing wrong with disabling hmac-md5 in your own > configurations. I do it. But having it enabled is not considered by > experts to be a flaw, and it should not be alarming. Six years have gone since md5 is considered broken. I find the fact that MD5 is still configured as the default HMAC alarming in itself as it indicates a lack of proactiveness that we so bitterly need in this day and age of heartbleeds and the like. I consider it a faulty default. This is a broken primitive. It needs to be phased out so it should not be the default configuration. That's just common sense. No RFC can beat that ;-) . Regards, Leonard. -- mount -t life -o ro /dev/dna /genetic/research