From Newsgroup: comp.protocols.dns.bind
On Tue, Jul 07, 2020 at 04:32:37PM -0700, Gregory Sloop wrote:
I've seen reports that only HMAC-MD5 is the only valid key type.
That was the case at one time, but hasn't been for years.
Is there any (security) reason/implications to use something "better"
than MD5?
MD5 is broken (as is SHA1). In this specific context, a forged rndc message
is probably impracticable on any reasonable time scale, and I wouldn't fear
for security if I were using them. *But*, they're broken, and crypto
people don't like keeping broken things around, so I wouldn't count on them being supported forever. We've already removed MD5 support in the context
of DNSSEC keys; TSIG could come next.
So, if you want to generate a key and not have to worry about generating another one in a year or two, I would advise against MD5 or SHA1.
Is there any reason not to select the strongest - HMAC-SHA512?
No, go ahead. I tend to use sha256, just because it's the default
from rndc-confgen.
--
Evan Hunt --
each@isc.org
Internet Systems Consortium, Inc.
--- Synchronet 3.18a-Linux NewsLink 1.113