[Bro-Dev] md5_hash vs. md5_hmac
Vern Paxson
vern at icir.org
Mon Nov 21 10:26:15 PST 2011
> The implementation of md5_hash(...) and md5_hmac(...) in bro.bif is
> identical:
>
> %{
> unsigned char digest[16];
> hmac_md5_val(@ARG@, digest);
> return new StringVal(md5_digest_print(digest));
> %}
They're not identical. (At least, not in 1.5, which is what I can easily
check.) md5_hash() calls hash_md5_val() rather than hmac_md5_val().
Per the CHANGES:
- The new built-in md5_hmac() returns an HMAC-MD5 hash of the given string
(Ruoming Pang). The HMAC secret key is generated from available entropy
when Bro starts up, or it can be specified for repeatability using
the new -K flag.
Vern
More information about the bro-dev
mailing list