New submission from .:. brainsik <spork-pyt...@theory.org>: The HMAC module page [1] says:
Note: The md5 hash has known weaknesses but remains the default for backwards compatibility. Choose a better one for your application. However, according to the "Hash Collision Q&A" [2] linked to from the hashlib module [3], md5 is not vulnerable when used in an HMAC: Q: Do these attacks break HMAC using MD5 or SHA-1? A: No. Because of the way hash functions are used in the HMAC construction, the techniques used in these recent attacks do not apply. It seems like the note is incorrect. 1. http://docs.python.org/library/hmac.html 2. http://www.cryptography.com/cnews/hash.html 3. http://docs.python.org/library/hashlib.html ---------- assignee: georg.brandl components: Documentation messages: 81615 nosy: brainsik, georg.brandl severity: normal status: open title: Incorrect note about md5 in hmac module documentation type: security versions: Python 2.5, Python 2.6, Python 3.0 _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue5212> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
