[Bro-Dev] md5_hash vs. md5_hmac

Vern Paxson vern at icir.org
Mon Nov 21 10:26:15 PST 2011

> The implementation of md5_hash(...) and md5_hmac(...) in bro.bif is
> identical:
>     %{
>     unsigned char digest[16];
>     hmac_md5_val(@ARG@, digest);
>     return new StringVal(md5_digest_print(digest));
>     %}

They're not identical.  (At least, not in 1.5, which is what I can easily
check.)  md5_hash() calls hash_md5_val() rather than hmac_md5_val().
Per the CHANGES:

- The new built-in md5_hmac() returns an HMAC-MD5 hash of the given string
  (Ruoming Pang).  The HMAC secret key is generated from available entropy
  when Bro starts up, or it can be specified for repeatability using
  the new -K flag.


More information about the bro-dev mailing list