Jacob Bachmeyer <[email protected]> writes: >Does the shorter output length (128 bits for MD5; 160 bits for SHA-1) cause >problems? Has the general advance of computing power caught up to HMAC-MD5 >and HMAC-SHA1, or do they remain secure? (Similar to how DES remains unbroken >in the cryptanalytic sense, but its 56-bit keyspace is now vulnerable to >brute force.)
Anything above around 2^110 is computationally infeasible for the indefinite future (for reference, the entire global Bitcoin hash rate is 2^94 per year). Peter.
