Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
Old hash functions or short MAC tag #1228
For a future release, I would like to propose to classify the use of old hash functions or short MACs.
This could be triggered when using MD5 or SHA-1 for KDF or MAC. Besides, it could also be triggered when using a short MAC tag, as in CCM_8 (which is not recommended by IANA, see https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4).
For the severity, I propose a yellow marking. Currently we have the not so bad category "Average: SEED + 128+256 Bit CBC ciphers". A similar category like "Old hash functions or short MAC tag" could be introduced.