> Just to clarify, does this also apply to HMAC-MD5 (block size = 64 bytes,
> digest size = 16 bytes) ?
MD5 is not affected.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
bind-users mailing list
bind-users@lists.isc.org
https://lis
On Jan 9 2010, Evan Hunt wrote:
We've recently found out about an interoperability flaw affecting all the
HMAC-SHA* algorithms; it affects any key with a secret longer than the
digest length of the algorithm (which is 28 bytes, for HMAC-SHA224). If
your secret is longer than that, try a shorter
> You hit the nail on the head. I should have thought to test shorter
> keys. I was using a 32-byte key. Just tested with 28 bytes and the
> problem does indeed go away with the shorter key.
Excellent.
> > If that's the problem, I can give you a workaround for the long key.
>
> I would very much
On 2010-01-09 07:44, Evan Hunt wrote:
>> Has anyone else tried to communicate with TSIG using HMAC-SHA224 between
>> BIND and other DNS implementations?
>
> We've recently found out about an interoperability flaw affecting all the
> HMAC-SHA* algorithms; it affects any key with a secret longer th
> Has anyone else tried to communicate with TSIG using HMAC-SHA224 between
> BIND and other DNS implementations?
We've recently found out about an interoperability flaw affecting all the
HMAC-SHA* algorithms; it affects any key with a secret longer than the
digest length of the algorithm (which i
Greetings.
Has anyone else tried to communicate with TSIG using HMAC-SHA224 between
BIND and other DNS implementations?
I'm using Perl's Net::DNS and BIND 9.6.1p2 and I'm able to sign messages
with TSIG using HMAC-MD5, HMAC-SHA1, HMAC-SHA256, HMAC-SHA384, and
HMAC-SHA512 successfully. But HM
6 matches
Mail list logo
