From owner-freebsd-security@FreeBSD.ORG Thu Aug 14 02:48:59 2008 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EB0D31065672 for ; Thu, 14 Aug 2008 02:48:59 +0000 (UTC) (envelope-from ivoras@gmail.com) Received: from yx-out-2324.google.com (yx-out-2324.google.com [74.125.44.30]) by mx1.freebsd.org (Postfix) with ESMTP id AB3EA8FC0A for ; Thu, 14 Aug 2008 02:48:59 +0000 (UTC) (envelope-from ivoras@gmail.com) Received: by yx-out-2324.google.com with SMTP id 8so164519yxb.13 for ; Wed, 13 Aug 2008 19:48:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:sender :to:subject:mime-version:content-type:content-transfer-encoding :content-disposition:x-google-sender-auth; bh=8FeYWG+Arixii+af5vXsP3CxfDjFogcIRRCNP8Nd74A=; b=nbco6I0HqBpGNSt1K7bI8ydOWDDCNUgH2xlkpyyTtA8Scs5oYFNRpCOub/1f3LOvPR coCKEy8J3FYMe5q7X0pQP5C2FW8a2+9d0P+MTjAgcEQ2DDVodp1oLripZW2SIb/i4wFJ /5mkUQ66aIVc9E15f0xKUdQvXiL2auIpSaMQU= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:sender:to:subject:mime-version:content-type :content-transfer-encoding:content-disposition:x-google-sender-auth; b=Zx7TUoilTdNs1uHYMHeZRklwGfVEmSTRs1Natj3gmpZkyx8BYuBzxGSwgXpX4YUi2L dTZ4/3cKhtEfEiUMggg+bq70VU6Y4k8Oyf2Q4pq7LoYhaclaxv9I1Bw6qm1ZspOY8nuM 1WB0yDXGstJYaGmLL/B361MpjNf73FdL0hzLU= Received: by 10.140.170.12 with SMTP id s12mr334562rve.83.1218680620172; Wed, 13 Aug 2008 19:23:40 -0700 (PDT) Received: by 10.141.159.2 with HTTP; Wed, 13 Aug 2008 19:23:40 -0700 (PDT) Message-ID: <9bbcef730808131923o1ce56bc7i32b52ca884a54c@mail.gmail.com> Date: Thu, 14 Aug 2008 04:23:40 +0200 From: "Ivan Voras" Sender: ivoras@gmail.com To: freebsd-security@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Google-Sender-Auth: 26c010c2de096345 X-Mailman-Approved-At: Thu, 14 Aug 2008 02:50:06 +0000 Subject: MD5 man page X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Aug 2008 02:49:00 -0000 Hi, In MD5Init(3) there's a paragraph that says: """MD5 has not yet (1999-02-11) been broken, but sufficient attacks have been made that its security is in some doubt. The attacks on both MD4 and MD5 are both in the nature of finding ``collisions'' - that is, multiple inputs which hash to the same value; it is still unlikely for an attacker to be able to determine the exact original input given a hash value. """ Shouldn't it be updated or at least the date of the statement moved to somewhere in this century?