From: Oliver Eikemeier
To: Mohacsi Janos
cc: freebsd-security@freebsd.org
cc: Scott Gerhardt
Date: Thu, 26 Aug 2004 10:37:27 +0200
Subject: Re: Report of collision-generation with MD5
Message-Id: <293AF1C6-F73B-11D8-91E7-00039312D914@fillmore-labs.com>
In-Reply-To: <20040826091143.S63227@mignon.ki.iif.hu>

Mohacsi Janos wrote:

> [...]
> I would also opt for having (by default) additional hash algorithms. I
> would prefer using the method of NetBSD: using an external program called
> digest (see security/digest port) to select the algorithms. Oliver
> Eikemeier is working on a ports building infrastructure and I think it
> would be a good idea if this new infrastructure would support multiple
> hash algorithms. The easiest way would be to define a knob like
> PREFERED_HASH that would list the algorithms that system would prefer,
> and REQUIRED_HASH that would be required to be checked:
> - makesum should generate all the PREFERED_HASH
> - fetch should fail if any of the REQUIRED_HASH failed

devel/portmk supports generation of multiple hashes, although it will just
verify the first of the sufficient ones.

The problem is to test this stuff before 5.3.

-Oliver
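
Added example, not part of the original message and not code from devel/portmk or the ports tree: a Python sketch of the two verification policies discussed above, "fail if any required hash fails" versus "verify the first of the sufficient ones", over BSD-style `ALGO (file) = digest` checksum lines. The function names, the file name and the sample data are constructed; the `preferred` and `required` arguments stand in for the proposed PREFERED_HASH and REQUIRED_HASH knobs.

```python
import hashlib
import re

# BSD-style checksum line: "ALGO (filename) = hexdigest"
LINE = re.compile(r"^(\w+) \((.+)\) = ([0-9a-f]+)$")

def parse_distinfo(text):
    """Return {filename: {ALGO: hexdigest}}; non-hash lines such as SIZE are skipped."""
    sums = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m and m.group(1).lower() in hashlib.algorithms_available:
            sums.setdefault(m.group(2), {})[m.group(1).upper()] = m.group(3)
    return sums

def digest(algo, data):
    return hashlib.new(algo.lower(), data).hexdigest()

def makesum(name, data, preferred):
    """Emit one checksum line for every algorithm in the preferred list."""
    return "\n".join(f"{a} ({name}) = {digest(a, data)}" for a in preferred)

def verify_required(name, data, distinfo, required):
    """Pass only if every required algorithm is recorded and matches."""
    recorded = parse_distinfo(distinfo).get(name, {})
    failures = []
    for algo in required:
        if algo not in recorded:
            failures.append(f"{algo}: no checksum recorded")
        elif digest(algo, data) != recorded[algo]:
            failures.append(f"{algo}: mismatch")
    return (not failures, failures)

def verify_first_sufficient(name, data, distinfo, sufficient):
    """Contrast policy: only the first recorded algorithm in the list is checked."""
    recorded = parse_distinfo(distinfo).get(name, {})
    for algo in sufficient:
        if algo in recorded:
            return digest(algo, data) == recorded[algo]
    return False

# Constructed sample data (hypothetical file name and contents).
NAME = "example-1.0.tar.gz"
GOOD = b"constructed distfile contents\n"
OTHER = b"constructed substitute contents\n"
GOOD_INFO = makesum(NAME, GOOD, ["MD5", "SHA256"]) + f"\nSIZE ({NAME}) = {len(GOOD)}"
# Stand-in for an MD5 collision: the MD5 line matches OTHER, SHA256 still describes GOOD.
MIXED_INFO = makesum(NAME, OTHER, ["MD5"]) + "\n" + makesum(NAME, GOOD, ["SHA256"])
```

With `MIXED_INFO`, checking `OTHER` passes under the first-sufficient policy when MD5 is listed first, and fails under the all-required policy with a SHA256 mismatch.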