Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 3 Sep 2001 17:17:28 -0700 (PDT)
From:      <murray@FreeBSD.org>
To:        efrias@sg505.net, murray@FreeBSD.org, freebsd-doc@freebsd.org, security-officer@FreeBSD.org
Subject:   Re: docs/14158: md5(1) manpage should not claim the md5 algorithm to be secure
Message-ID:  <200109040017.f840HSe19930@freefall.freebsd.org>
index | next in thread | raw e-mail 

Synopsis: md5(1) manpage should not claim the md5 algorithm to be secure

State-Changed-From-To: open->analyzed
State-Changed-By: murray
State-Changed-When: Mon Sep 3 17:16:01 PDT 2001
State-Changed-Why: 
How about this patch?  It is essentially taken from md5(3).  I think
that we should mention the potential weakness in the user level
command, not just in the library.

Index: md5.1
===================================================================
RCS file: /home/ncvs/src/sbin/md5/md5.1,v
retrieving revision 1.15
diff -u -r1.15 md5.1
--- md5.1	2001/08/07 15:48:35	1.15
+++ md5.1	2001/09/04 00:15:28
@@ -28,6 +28,12 @@
 key under a public-key cryptosystem such as
 .Em RSA .
 .Pp
+MD5 has not yet (2001-09-03) been broken, but sufficient attacks have been
+made that its security is in some doubt.  The attacks on MD5
+are in the nature of finding ``collisions'' \- that is, multiple
+inputs which hash to the same value; it is still unlikely for an attacker
+to be able to determine the exact original input given a hash value.
+.Pp
 The following options may be used in any combination and must
 precede any files named on the command line.  The MD5
 sum of each file listed on the command line is printed after the options
                                                                               


Responsible-Changed-From-To: freebsd-doc->security-officer
Responsible-Changed-By: murray
Responsible-Changed-When: Mon Sep 3 17:16:01 PDT 2001
Responsible-Changed-Why: 
A call for the security-officer to make.

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=14158

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-doc" in the body of the message
help

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200109040017.f840HSe19930>