raaay, good for sander. HMAC_MD5 is used in NTLMv2 security to help guarantee against replay attacks on different sessions [NTLMv2 doesn't stop replay attacks on the _same_ session :)]
HMAC_xxx is used to generate one-way hashes from secret keys and public data, basically. if you have to one-way hash, it's pretty much O(N ^^ -128) likely that you will be able to obtain the secret key. sander, just a thought: would it be possible for to write a general HMAC_xx that accepts an xx? and then HMAC_MD5 being a specialisation of that? or, is it simply worth saying,well, uh, if you're gonna do that, forget it: use openssl. ? On Tue, Jun 05, 2001 at 07:34:33PM +0100, Ben Laurie wrote: > Justin Erenkrantz wrote: > > > > On Tue, Jun 05, 2001 at 01:54:05AM +0200, Sander Striker wrote: > > > Hi, > > > > > > This patch adds HMAC MD5 to apr-util. > > > > Where would we use this? Is this algorithm of sufficient usage that it > > would benefit being in apr-util? I've never heard of HMAC before - I > > had to look it up on rfc-editor.org. Maybe I live in a paper bag. > > Please be assured that you _do_ live in a paper bag. HMACs are good > things if you care about security. :-) > > Cheers, > > Ben. > > -- > http://www.apache-ssl.org/ben.html > > "There is no limit to what a man can do or how far he can go if he > doesn't mind who gets the credit." - Robert Woodruff
