ITU-T A.5 justification information for referenced document IETF RFC 6151 (2011) in draft F.ADT4MM
1. Clear description of the referenced document:
Name: IETF RFC 6151 (2011)
Title: Updated Security Considerations for the MD5 Message-Digest and the HMAC-MD5 Algorithms
2. Status of approval:
Non-standards track Informational RFC approved March 2011.
3. Justification for the specific reference:
F.748.32 (ex F.ADT4MM) uses the security considerations defined in this RFC when MD5 message-digest algorithms are needed. MD5 is widely used, although it is defined in an informational RFC.
4. Current information, if any, about IPR issues:
Information on IPR issues regarding the document is available at: https://datatracker.ietf.org/ipr/search/.
5. Other useful information describing the "Quality" of the document:
This document is not an Internet Standards Track specification; it is published for informational purposes. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG).
6. The degree of stability or maturity of the document:
Updates RFC 2104, RFC 1321.
7. Relationship with other existing or emerging documents:
Updates RFC 2104 (HMAC: Keyed-Hashing for Message Authentication), RFC 1321 (The MD5 Message-Digest Algorithm)
8. Any explicit references within that referenced document should also be listed:
4. Informative References
[AES-CMAC] Song, JH., Poovendran, R., Lee, J., and T. Iwata, "The AES-CMAC Algorithm", RFC 4493, June 2006.
[COYI2006] S. Contini, Y.L. Yin. Forgery and partial key-recovery attacks on HMAC and NMAC using hash collisions. ASIACRYPT 2006. LNCS 4284, Springer, 2006.
[denBBO1993] den Boer, B. and A. Bosselaers, "Collisions for the compression function of MD5", Eurocrypt 1993.
[DOB1995] Dobbertin, H., "Cryptanalysis of MD5 Compress", Eurocrypt 1996.
[FLN2007] Fouque, P.-A., Leurent, G., Nguyen, P.Q.: Full key-recovery attacks on HMAC/NMAC-MD4 and NMAC-MD5. CRYPTO 2007. LNCS 4622, Springer, 2007.
[HASH-Attack] Hoffman, P. and B. Schneier, "Attacks on Cryptographic Hashes in Internet Protocols", RFC 4270, November 2005.
[HMAC] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-Hashing for Message Authentication", RFC 2104, February 1997.
[HMAC-MD5] Cheng, P. and R. Glenn, "Test Cases for HMAC-MD5 and HMAC-SHA-1", RFC 2202, September 1997.
[HMAC-SHA256] Nystrom, M., "Identifiers and Test Vectors for HMAC-SHA-224, HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512", RFC 4231, December 2005.
[KLIM2006] V. Klima. Tunnels in Hash Functions: MD5 Collisions within a Minute. Cryptology ePrint Archive, Report 2006/105 (2006), http://eprint.iacr.org/2006/105.
[LEUR2007] G. Leurent, Message freedom in MD4 and MD5 collisions: Application to APOP. Proceedings of FSE 2007. Lecture Notes in Computer Science 4715. Springer, 2007.
[MD5] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321, April 1992.
[POP] Myers, J. and M. Rose, "Post Office Protocol - Version 3", STD 53, RFC 1939, May 1996.
[SAAO2009] Y. Sasaki and K. Aoki. Finding preimages in full MD5 faster than exhaustive search. Advances in Cryptology - EUROCRYPT 2009, LNCS 5479 of Lecture Notes in Computer Science, Springer, 2009.
[SLdeW2007] Stevens, M., Lenstra, A., de Weger, B., Chosen-prefix Collisions for MD5 and Colliding X.509 Certificates for Different Identities. EuroCrypt 2007.
[SLdeW2009] Stevens, M., Lenstra, A., de Weger, B., "Chosen-prefix Collisions for MD5 and Applications", Journal of Cryptology, 2009.
[SSALMOdeW2009] Stevens, M., Sotirov, A., Appelbaum, J., Lenstra, A., Molnar, D., Osvik, D., and B. de Weger. Short chosen-prefix collisions for MD5 and the creation of a rogue CA certificate, Crypto 2009.
[SP800-57] National Institute of Standards and Technology (NIST), Special Publication 800-57: Recommendation for Key Management - Part 1 (Revised), March 2007.
[SP800-131] National Institute of Standards and Technology (NIST), Special Publication 800-131: DRAFT Recommendation for the Transitioning of Cryptographic Algorithms and Key Sizes, June 2010.
[STEV2007] Stevens, M., "On Collisions for MD5", Master's Thesis, Eindhoven University of Technology, http://www.win.tue.nl/hashclash/On%20Collisions%20for%20MD5%20-%20M.M.J.%20Stevens.pdf.
[WAYU2005] X. Wang and H. Yu. How to Break MD5 and other Hash Functions. LNCS 3494. Advances in Cryptology - EUROCRYPT2005, Springer, 2005.
[WFLY2004] X. Wang, D. Feng, X. Lai, H. Yu, Collisions for Hash Functions MD4, MD5, HAVAL-128 and RIPEMD, 2004, http://eprint.iacr.org/2004/199.pdf
[WYWZZ2009] X. Wang, H. Yu, W. Wang, H. Zhang, and T. Zhan. Cryptanalysis of HMAC/NMAC-MD5 and MD5-MAC. LNCS 5479. Advances in Cryptology - EUROCRYPT2009, Springer, 2009.
9. Qualification of ISOC/IETF:
9.1-9.6     Decisions of ITU Council to admit ISOC to participate in the work of the Sector (June 1995 and June 1996).
9.7     The Internet Engineering Steering Group (IESG) is responsible for ongoing maintenance of the RFCs when the need arises. Comments on RFCs and corresponding changes are accommodated through the existing standardization process.
9.8     Each revision of a given RFC has a different RFC number, so no confusion is possible. All RFCs always remain available on-line. An index of RFCs and their status may be found in the IETF archives at http://www.rfc-editor.org/rfc.html.
10. Other (for any supplementary information):
None
Note: This form is based on Recommendation ITU-T A.5