Knowledge Base

B

MAC Algorithm: message authentication code MD5 (MD5)

Summary

Security
message authentication code[128][129][130][131] is a hashed message authentication code[418][419][420][421][422][423][424] which is considered secure[435][436], despite the fact that the underlaying cryptographic hash function[510][511][512][513] (MD5[227][228][229]) is considered insecure[139][140] as it vulnerable to collision attack[566] in practice and to preimage attack[215] in theory.
Suggestion
Leading client applications do not use this type of message authentication code[128][129][130][131]. Unless your application or requirements specifically call for their use, it is generally safer to avoid cipher suites that are not adopted and supported by a critical mass of the industry. If your application or requirements specifically call for the use of a message authentication code[128][129][130][131] that does not provide authenticated encryption[563] prefer block cipher mode of operation[293][294][295][296][297] (eg: counter with CBC-MAC[266][267][268], Galois/Counter Mode[65][66][67][68] or message authentication code[128][129][130][131] (eg: Poly1305[289][290]) that proved authenticated encryption over the ones which does not provide it. In case of a hashed message authentication code[418][419][420][421][422][423][424] prefer message authentication code[128][129][130][131] based on Secure Hash Algorithm 2[71][72][73] over the ones based on MD5[227][228][229].

Evaluate your host!

Type a URL to analyze a service

Get a prompt and clear overview of your security configuration. Right now!

Config Snippets

You can fix your security setting with the following config snippets in various services. You simply copy-paste (or delete) them to get a better secirity and grade. Do not forget to re-check your modified settings above.

If you want to reveal your security weaknesses and monitor your services or supply chain sign up for our beta test.

i
NGINX
OpenSSL version: 0.9.8+
ssl_ciphers …:!MD5
i
Apache
OpenSSL version: 0.9.8+
SSLCipherSuite …:!MD5

Affected Ciphersuites