From owner-freebsd-doc  Mon Sep  3 17:26:28 2001
Delivered-To: freebsd-doc@freebsd.org
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP
	id 9ECCE37B408; Mon,  3 Sep 2001 17:26:22 -0700 (PDT)
Received: (from murray@localhost)
	by freefall.freebsd.org (8.11.4/8.11.4) id f840HSe19930;
	Mon, 3 Sep 2001 17:17:28 -0700 (PDT)
	(envelope-from murray)
Date: Mon, 3 Sep 2001 17:17:28 -0700 (PDT)
From: <murray@FreeBSD.org>
Message-Id: <200109040017.f840HSe19930@freefall.freebsd.org>
To: efrias@sg505.net, murray@FreeBSD.org, freebsd-doc@freebsd.org,
	security-officer@FreeBSD.org
Subject: Re: docs/14158: md5(1) manpage should not claim the md5 algorithm to be secure
Sender: owner-freebsd-doc@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-doc.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-doc>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-doc>
X-Loop: FreeBSD.org

Synopsis: md5(1) manpage should not claim the md5 algorithm to be secure

State-Changed-From-To: open->analyzed
State-Changed-By: murray
State-Changed-When: Mon Sep 3 17:16:01 PDT 2001
State-Changed-Why: 
How about this patch?  It is essentially taken from md5(3).  I think
that we should mention the potential weakness in the user level
command, not just in the library.

Index: md5.1
===================================================================
RCS file: /home/ncvs/src/sbin/md5/md5.1,v
retrieving revision 1.15
diff -u -r1.15 md5.1
--- md5.1	2001/08/07 15:48:35	1.15
+++ md5.1	2001/09/04 00:15:28
@@ -28,6 +28,12 @@
 key under a public-key cryptosystem such as
 .Em RSA .
 .Pp
+MD5 has not yet (2001-09-03) been broken, but sufficient attacks have been
+made that its security is in some doubt.  The attacks on MD5
+are in the nature of finding ``collisions'' \- that is, multiple
+inputs which hash to the same value; it is still unlikely for an attacker
+to be able to determine the exact original input given a hash value.
+.Pp
 The following options may be used in any combination and must
 precede any files named on the command line.  The MD5
 sum of each file listed on the command line is printed after the options
                                                                               


Responsible-Changed-From-To: freebsd-doc->security-officer
Responsible-Changed-By: murray
Responsible-Changed-When: Mon Sep 3 17:16:01 PDT 2001
Responsible-Changed-Why: 
A call for the security-officer to make.

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=14158

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-doc" in the body of the message