Date: Mon, 3 Dec 2007 08:15:18 +0100 (CET) From: Mohacsi Janos <mohacsi@niif.hu> To: Norberto Meijome <freebsd@meijome.net> Cc: freebsd-security@freebsd.org Subject: Re: MD5 Collisions... Message-ID: <20071203081159.J83729@mignon.ki.iif.hu> In-Reply-To: <20071203154412.461d0faf@meijome.net> References: <20071203154412.461d0faf@meijome.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 3 Dec 2007, Norberto Meijome wrote: > Hi everyone, > > Not sure if you've read http://www.win.tue.nl/hashclash/SoftIntCodeSign/ . > > should some kind of advisory be sent to advise people not to rely solely on MD5 checksums? Maybe an update to the man page is due ? : > > " > MD5 has not yet (2001-09-03) been broken, but sufficient attacks have > been made that its security is in some doubt. The attacks on MD5 are in > the nature of finding ``collisions'' -- that is, multiple inputs which > hash to the same value; it is still unlikely for an attacker to be able > to determine the exact original input given a hash value. > " Some measures are already taken: - FreeBSD ports use not only MD5 but SHA256 additionaly - Same applied for FreeBSD ISO images Best Regards, Janos Mohacsi Network Engineer, Research Associate, Head of Network Planning and Projects NIIF/HUNGARNET, HUNGARY Key 70EF9882: DEC2 C685 1ED4 C95A 145F 4300 6F64 7B00 70EF 9882
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20071203081159.J83729>