Skip site navigation (1)Skip section navigation (2) 
Date:      Wed,  6 Oct 1999 01:56:56 -0700 (PDT)
From:      efrias@sg505.net
To:        freebsd-gnats-submit@freebsd.org
Subject:   docs/14158: md5(1) manpage should not claim the md5 algorithm to be secure
Message-ID:  <19991006085656.8431814FD5@hub.freebsd.org>
next in thread | raw e-mail | index | archive | help 


>Number:         14158
>Category:       docs
>Synopsis:       md5(1) manpage should not claim the md5 algorithm to be secure
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-doc
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          doc-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Oct  6 02:00:00 PDT 1999
>Closed-Date:
>Last-Modified:
>Originator:     Eric Frias
>Release:        3.2-RELEASE
>Organization:
>Environment:
>Description:
[Warning: I am not a cryptographer]

The md5(1) manpage states:

It is con-
jectured that it is computationally infeasible to produce two messages
having the same message digest, or to produce any message having a given
prespecified target message digest.  The MD5 algorithm is intended for
digital signature applications, where a large file must be ``compressed''
in a secure manner before being encrypted with a private (secret) key un-
der a public-key cryptosystem such as RSA.

It is my understanding that MD5 is no longer considered suitable for 
cryptographic applications, since certain attacks have been developed.
The RSADSI FAQ provides several references.  See
http://www.rsasecurity.com/rsalabs/faq/3-6-6.html

If this is indeed the case, the manpage should be revised to mention
the weakness.  
>How-To-Repeat:

>Fix:
Have someone who understands cryptography review the information and 
decide if the supposed weaknesses in the alogorithm warrant revision
to the manpage.  Perhaps mention another, more secure, hashing program
from the manpage if one exists.  

>Release-Note:
>Audit-Trail:
>Unformatted:


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-doc" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19991006085656.8431814FD5>