[Bro-Dev] md5_hash vs. md5_hmac
seth at icir.org
Mon Nov 21 10:30:50 PST 2011
On Nov 21, 2011, at 1:26 PM, Vern Paxson wrote:
> They're not identical. (At least, not in 1.5, which is what I can easily
> check.) md5_hash() calls hash_md5_val() rather than hmac_md5_val().
> Per the CHANGES:
> - The new built-in md5_hmac() returns an HMAC-MD5 hash of the given string
> (Ruoming Pang). The HMAC secret key is generated from available entropy
> when Bro starts up, or it can be specified for repeatability using
> the new -K flag.
That should still be correct since I wasn't looking for an HMAC value with the md5_hash function and we haven't touched that code since it was added.
International Computer Science Institute
(Bro) because everyone has a network
More information about the bro-dev