[Bro-Dev] md5_hash vs. md5_hmac

Seth Hall seth at icir.org
Mon Nov 21 10:30:50 PST 2011

On Nov 21, 2011, at 1:26 PM, Vern Paxson wrote:

> They're not identical.  (At least, not in 1.5, which is what I can easily
> check.)  md5_hash() calls hash_md5_val() rather than hmac_md5_val().
> Per the CHANGES:
> - The new built-in md5_hmac() returns an HMAC-MD5 hash of the given string
>  (Ruoming Pang).  The HMAC secret key is generated from available entropy
>  when Bro starts up, or it can be specified for repeatability using
>  the new -K flag.

That should still be correct since I wasn't looking for an HMAC value with the md5_hash function and we haven't touched that code since it was added.


Seth Hall
International Computer Science Institute
(Bro) because everyone has a network

More information about the bro-dev mailing list