No, you are not allowed to use MD5 for a checksum. The only reason TLS skates around it (and can use MD5 internally) is that TLS defines its PRF as an XOR of 5 rounds of MD5 against 4 rounds of SHA-1, and SHA-1 is still secure enough.

-Kyle H

On Tue, Aug 18, 2009 at 5:42 AM, Pandit Panburana <ppanb...@yahoo.com> wrote:
> I could be wrong about this, but I think it might be possible to use MD5 for
> the purpose of a checksum (fancy). I also believe the HMAC_MD5 part of SSL/TLS
> is acceptable.
>
> Regards,
> - Pandit
>
> ________________________________
> From: David Schwartz <dav...@webmaster.com>
> To: openssl-users@openssl.org
> Sent: Monday, August 17, 2009 7:40:43 PM
> Subject: RE: FIPS 14-2 vs MD5
>
>
> Roger No-Spam wrote:
>
>> When building openssl in FIPS 140-2 mode, the MD5 algorithm is
>> not available for use. There are, however, several RFCs that mandate
>> the use of MD5. Would it be possible to partition a system into a
>> FIPS 140-2 part (more security critical parts, e.g. SSL) and one other
>> part that can include support for RFCs that mandate MD5 (e.g. TCP MD5
>> checksum option, PPP CHAP, etc.)? Would it be possible to FIPS 140-2
>> validate such a system? What would the requirements be regarding the
>> partitioning?
>
> Simply disable all those things in FIPS mode. There is no requirement that
> your system be useful in FIPS mode, only that it be secure. That is what
> everyone else does.
>
> For example, the first Windows versions to support high-security modes
> disabled all networking devices and all removable media devices. Linux
> requires you to remove the power cord.
>
> DS
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
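The point in Kyle's reply, that TLS uses MD5 only in combination with SHA-1, is easiest to see by writing the TLS 1.0/1.1 PRF out. The following is an added Python example based on RFC 2246 section 5; it is not code from this thread or from OpenSSL. The PRF splits the secret into two overlapping halves, expands each with an HMAC-based P_hash (P_MD5 on the first half, P_SHA-1 on the second, the number of HMAC iterations on each side being set by how many output bytes are requested) and XORs the two streams. The sample secret and randoms are constructed for the demonstration; the `md5_usable` helper is an assumption about how a FIPS-mode build surfaces the missing algorithm (Python's hashlib raises `ValueError` when OpenSSL refuses to instantiate MD5).

```python
"""
TLS 1.0/1.1 PRF (RFC 2246 / RFC 4346, section 5), written out to show how
MD5 is used inside TLS: never on its own, but as P_MD5 XORed with P_SHA-1
over two halves of the secret.  All sample inputs below are constructed for
this demonstration, not taken from a real handshake.
"""
import hashlib
import hmac


def hmac_digest(hash_name: str, key: bytes, msg: bytes) -> bytes:
    """HMAC_<hash>(key, msg) as a raw digest."""
    return hmac.new(key, msg, hash_name).digest()


def p_hash(hash_name: str, secret: bytes, seed: bytes, length: int) -> bytes:
    """P_<hash>(secret, seed) from RFC 2246 section 5, expanded to `length` bytes.

    A(0) = seed, A(i) = HMAC(secret, A(i-1));
    output = HMAC(secret, A(1) + seed) + HMAC(secret, A(2) + seed) + ...
    The loop runs as many HMAC iterations as the requested length needs.
    """
    out = b""
    a = seed
    while len(out) < length:
        a = hmac_digest(hash_name, secret, a)            # A(i)
        out += hmac_digest(hash_name, secret, a + seed)  # next output block
    return out[:length]


def split_secret(secret: bytes) -> tuple:
    """S1 = first ceil(L/2) bytes, S2 = last ceil(L/2) bytes of the secret.

    For an odd-length secret the middle byte lands in both halves, exactly as
    the RFC specifies.
    """
    half = (len(secret) + 1) // 2
    return secret[:half], secret[len(secret) - half:]


def tls10_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """PRF(secret, label, seed) = P_MD5(S1, label + seed) XOR P_SHA-1(S2, label + seed)."""
    s1, s2 = split_secret(secret)
    md5_stream = p_hash("md5", s1, label + seed, length)
    sha1_stream = p_hash("sha1", s2, label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_stream, sha1_stream))


def md5_usable() -> bool:
    """True if this Python/OpenSSL build lets us instantiate MD5 at all.

    Assumption for this example: on a FIPS-mode OpenSSL, hashlib refuses MD5
    with ValueError.  That is the situation the thread is about: the TLS 1.0
    PRF cannot be computed on such a build because half of it needs MD5.
    """
    try:
        hashlib.new("md5")
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample inputs (not real handshake material).
    master_secret = bytes(range(48))
    client_random = b"\x11" * 32
    server_random = b"\x22" * 32
    if md5_usable():
        key_block = tls10_prf(master_secret, b"key expansion",
                              server_random + client_random, 104)
        print(key_block.hex())
    else:
        print("MD5 unavailable (FIPS mode?): TLS 1.0 PRF cannot run here")
```

Two practical notes. First, the construction above is only as strong as the pair: even if P_MD5 were fully broken, an attacker would still have to control the XOR with the SHA-1 stream, which is why TLS 1.0 tolerated MD5 long after MD5 alone was unacceptable for signatures or integrity; TLS 1.2 dropped it and uses a single P_SHA-256 PRF. Second, for non-security uses of MD5 such as a plain file checksum, Python 3.9 and later expose `hashlib.md5(usedforsecurity=False)`; whether a FIPS-mode OpenSSL actually honours that flag depends on the build, so test it on the target platform rather than assuming.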