Date: Tue, 4 Dec 2007 06:27:54 -0800 (PST)
From: Roger Marquis
To: freebsd-security@freebsd.org
Subject: Re: MD5 Collisions...
Message-Id: <20071204142754.2F6362B228A@mx5.roble.com>
In-Reply-To: <20071204120020.2CCA416A469@hub.freebsd.org>

Colin Percival wrote:
>> MD5 has not yet (2001-09-03) been broken, but sufficient attacks have
>> been made that its security is in some doubt. The attacks on MD5 are in
>> the nature of finding ``collisions'' -- that is, multiple inputs which
>> hash to the same value; it is still unlikely for an attacker to be able
>> to determine the exact original input given a hash value.
>> "
>
> I fail to see how the man page is incorrect here. What do you think it should
> be saying instead?

I would drop the statement altogether since it is not accurate for MD5
signatures of binary packages and tarballs. At the very least define the
specific scenarios under which MD5 can be broken and drop the "its security
is in some doubt" claim. Vague statements about crypto are worse than none
at all.

-- 
Roger Marquis
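An added illustration, not part of the original message or of any FreeBSD code: the quoted man page text separates finding a collision (any two inputs with the same hash) from matching one given hash value, and the sketch below measures the generic cost of each on a toy digest. The 16-bit truncation of MD5, the function names and the sample input are assumptions made so both searches finish quickly; the published MD5 collision attacks are structural and do not rely on this generic birthday search.

```python
import hashlib
from itertools import count

BITS = 16  # assumption: toy digest = first 16 bits of MD5, so both searches finish fast


def toy_digest(data: bytes) -> int:
    """First BITS bits of MD5(data), as an integer."""
    return int.from_bytes(hashlib.md5(data).digest()[:4], "big") >> (32 - BITS)


def find_collision(prefix: bytes = b"collision-"):
    """Birthday search: ANY two distinct inputs with equal toy digests.

    Expected work is about 2^(BITS/2) hashes; the pigeonhole principle
    guarantees termination within 2^BITS + 1 tries.
    """
    seen = {}
    for tries in count(1):
        msg = prefix + str(tries).encode()
        digest = toy_digest(msg)
        if digest in seen:
            return seen[digest], msg, tries
        seen[digest] = msg


def find_preimage(target: int, prefix: bytes = b"preimage-", limit: int = 1 << 24):
    """Brute-force search: an input whose toy digest equals one GIVEN value.

    Expected work is about 2^BITS hashes, because the target is fixed in advance.
    """
    for tries in range(1, limit + 1):
        msg = prefix + str(tries).encode()
        if toy_digest(msg) == target:
            return msg, tries
    return None, limit


if __name__ == "__main__":
    a, b, c_tries = find_collision()
    print(f"collision after {c_tries} hashes: {a!r} / {b!r}")

    # Constructed stand-in for a published checksum of a tarball.
    target = toy_digest(b"constructed sample tarball contents")
    msg, p_tries = find_preimage(target)
    print(f"input matching the given digest after {p_tries} hashes: {msg!r}")
    print(f"generic expectation: ~2^{BITS // 2} vs ~2^{BITS} hashes")
```

Raising `BITS` widens the gap between the two counts, which is the asymmetry the quoted passage describes in words.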