Discourage use of HMAC-MD5.

Fixes https://github.com/google/guava/pull/7131 RELNOTES=n/a PiperOrigin-RevId: 622450594
author: cpovirk <cpovirk@google.com> 2024-04-06 08:31:42 -0700
committer: Google Java Core Libraries <jake-team+copybara@google.com> 2024-04-06 08:34:20 -0700
commit: d364abbfd08f767af612d071a9298b19dad9e810 (patch)
tree: acd9a58bf9b71cf9b8c05b116ca6359a4f75a3d9
parent: faa651613b7daa8a81cab89f8fdc77feaeb8cd2e (diff)
download: guava-d364abbfd08f767af612d071a9298b19dad9e810.tar.gz
2 files changed, 16 insertions, 0 deletions
diff --git a/android/guava/src/com/google/common/hash/Hashing.java b/android/guava/src/com/google/common/hash/Hashing.java
index 1d9d1e741..2f7141ab8 100644
--- a/android/guava/src/com/google/common/hash/Hashing.java
+++ b/android/guava/src/com/google/common/hash/Hashing.java
@@ -281,6 +281,10 @@ public final class Hashing {
    * Returns a hash function implementing the Message Authentication Code (MAC) algorithm, using the
    * MD5 (128 hash bits) hash function and the given secret key.
    *
+   * <p>If you are designing a new system that needs HMAC, prefer {@link #hmacSha256} or other
+   * future-proof algorithsm <a
+   * href="https://datatracker.ietf.org/doc/html/rfc6151#section-2.3">over {@code hmacMd5}</a>.
+   *
    * @param key the secret key
    * @throws IllegalArgumentException if the given key is inappropriate for initializing this MAC
    * @since 20.0
@@ -294,6 +298,10 @@ public final class Hashing {
    * MD5 (128 hash bits) hash function and a {@link SecretKeySpec} created from the given byte array
    * and the MD5 algorithm.
    *
+   * <p>If you are designing a new system that needs HMAC, prefer {@link #hmacSha256} or other
+   * future-proof algorithsm <a
+   * href="https://datatracker.ietf.org/doc/html/rfc6151#section-2.3">over {@code hmacMd5}</a>.
+   *
    * @param key the key material of the secret key
    * @since 20.0
    */
diff --git a/guava/src/com/google/common/hash/Hashing.java b/guava/src/com/google/common/hash/Hashing.java
index f2ec72f38..404b232e7 100644
--- a/guava/src/com/google/common/hash/Hashing.java
+++ b/guava/src/com/google/common/hash/Hashing.java
@@ -286,6 +286,10 @@ public final class Hashing {
    * Returns a hash function implementing the Message Authentication Code (MAC) algorithm, using the
    * MD5 (128 hash bits) hash function and the given secret key.
    *
+   * <p>If you are designing a new system that needs HMAC, prefer {@link #hmacSha256} or other
+   * future-proof algorithsm <a
+   * href="https://datatracker.ietf.org/doc/html/rfc6151#section-2.3">over {@code hmacMd5}</a>.
+   *
    * @param key the secret key
    * @throws IllegalArgumentException if the given key is inappropriate for initializing this MAC
    * @since 20.0
@@ -299,6 +303,10 @@ public final class Hashing {
    * MD5 (128 hash bits) hash function and a {@link SecretKeySpec} created from the given byte array
    * and the MD5 algorithm.
    *
+   * <p>If you are designing a new system that needs HMAC, prefer {@link #hmacSha256} or other
+   * future-proof algorithsm <a
+   * href="https://datatracker.ietf.org/doc/html/rfc6151#section-2.3">over {@code hmacMd5}</a>.
+   *
    * @param key the key material of the secret key
    * @since 20.0
    */
author	cpovirk <cpovirk@google.com>	2024-04-06 08:31:42 -0700
committer	Google Java Core Libraries <jake-team+copybara@google.com>	2024-04-06 08:34:20 -0700
commit	d364abbfd08f767af612d071a9298b19dad9e810 (patch)
tree	acd9a58bf9b71cf9b8c05b116ca6359a4f75a3d9
parent	faa651613b7daa8a81cab89f8fdc77feaeb8cd2e (diff)
download	guava-d364abbfd08f767af612d071a9298b19dad9e810.tar.gz