Knowledge Base

message authentication code^{[135][136][137][138]} is a hashed message authentication code^{[139][140][141][142][143][144][145]} which is considered secure^[456][457], despite the fact that the underlaying cryptographic hash function^{[94][95][96][97]} (MD5^{[197][198][199]}) is considered insecure^[200][201] as it vulnerable to collision attack^[57] in practice and to preimage attack^[67] in theory.

Leading client applications do not use this type of message authentication code^{[135][136][137][138]}. Unless your application or requirements specifically call for their use, it is generally safer to avoid cipher suites that are not adopted and supported by a critical mass of the industry. If your application or requirements specifically call for the use of a message authentication code^{[135][136][137][138]} that does not provide authenticated encryption^[74] prefer block cipher mode of operation^{[82][83][84][85][86]} (eg: counter with CBC-MAC^[32][33][34], Galois/Counter Mode^{[46][47][48][49]} or message authentication code^{[135][136][137][138]} (eg: Poly1305^[458][459]) that proved authenticated encryption over the ones which does not provide it. In case of a hashed message authentication code^{[139][140][141][142][143][144][145]} prefer message authentication code^{[135][136][137][138]} based on Secure Hash Algorithm 2^{[212][213][214]} over the ones based on MD5^{[197][198][199]}.