oss-sec mailing list archives
Re: CVE-2026-9641: Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations
From: Peter Gutmann <pgut001 () cs auckland ac nz>
Date: Sun, 14 Jun 2026 09:20:04 +0000
Jacob Bachmeyer <jcb62281 () gmail com> writes:
Does the shorter output length (128 bits for MD5; 160 bits for SHA-1) cause problems? Has the general advance of computing power caught up to HMAC-MD5 and HMAC-SHA1, or do they remain secure? (Similar to how DES remains unbroken in the cryptanalytic sense, but its 56-bit keyspace is now vulnerable to brute force.)
Anything above around 2^110 is computationally infeasible for the indefinite future (for reference, the entire global Bitcoin hash rate is 2^94 per year). Peter.
Current thread:
- CVE-2026-9641: Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations Robert Rothenberg (Jun 12)
- Re: CVE-2026-9641: Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations Peter Gutmann (Jun 12)
- Re: CVE-2026-9641: Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations Jacob Bachmeyer (Jun 14)
- Re: CVE-2026-9641: Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations Peter Gutmann (Jun 14)
- Re: CVE-2026-9641: Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations Harry Sintonen (Jun 14)
- Re: CVE-2026-9641: Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations Jacob Bachmeyer (Jun 14)
- Re: CVE-2026-9641: Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations Peter Gutmann (Jun 12)
