Knowledge Base

message authentication code^{[128][129][130][131]} is a hashed message authentication code^{[418][419][420][421][422][423][424]} which is considered secure^[435][436], despite the fact that the underlaying cryptographic hash function^{[510][511][512][513]} (MD5^{[227][228][229]}) is considered insecure^[139][140] as it vulnerable to collision attack^[566] in practice and to preimage attack^[215] in theory.

Leading client applications do not use this type of message authentication code^{[128][129][130][131]}. Unless your application or requirements specifically call for their use, it is generally safer to avoid cipher suites that are not adopted and supported by a critical mass of the industry. If your application or requirements specifically call for the use of a message authentication code^{[128][129][130][131]} that does not provide authenticated encryption^[563] prefer block cipher mode of operation^{[293][294][295][296][297]} (eg: counter with CBC-MAC^{[266][267][268]}, Galois/Counter Mode^{[65][66][67][68]} or message authentication code^{[128][129][130][131]} (eg: Poly1305^[289][290]) that proved authenticated encryption over the ones which does not provide it. In case of a hashed message authentication code^{[418][419][420][421][422][423][424]} prefer message authentication code^{[128][129][130][131]} based on Secure Hash Algorithm 2^[71][72][73] over the ones based on MD5^{[227][228][229]}.