Date: Tue, 6 Jan 2009 19:25:24 +0000 (UTC)
From: Colin Percival <cperciva@FreeBSD.org>
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r186836 - head/sbin/md5
Message-ID: <200901061925.n06JPO2D039878@svn.freebsd.org>
Author: cperciva Date: Tue Jan 6 19:25:24 2009 New Revision: 186836 URL: http://svn.freebsd.org/changeset/base/186836 Log: Strengthen some of the language concerning attacks on MD5, in light of the recent demonstration of a forged SSL certificate. Add text pointing out that SHA-1 is at least theoretically broken. Add a recommendation that new applications use SHA-256. MFC after: 1 month Modified: head/sbin/md5/md5.1 Modified: head/sbin/md5/md5.1 ============================================================================== --- head/sbin/md5/md5.1 Tue Jan 6 19:00:12 2009 (r186835) +++ head/sbin/md5/md5.1 Tue Jan 6 19:25:24 2009 (r186836) @@ -49,15 +49,23 @@ key under a public-key cryptosystem such .Tn RSA . .Pp .Tn MD5 -has not yet (2007-03-05) been broken, but sufficient attacks have been -made that its security is in some doubt. -The attacks on +has been completely broken as far as finding collisions is +concerned, and should not be relied upon to produce unique outputs. +This also means that .Tn MD5 -are in the nature of finding -.Dq collisions -\(em that is, multiple -inputs which hash to the same value; it is still unlikely for an attacker -to be able to determine the exact original input given a hash value. +should not be used as part of a cryptographic signature scheme. +At the current time (2009-01-06) there is no publicly known method to +"reverse" MD5, i.e., to find an input given a hash value. +.Pp +.Tn SHA-1 +currently (2009-01-06) has no known collisions, but an attack has been +found which is faster than a brute-force search, placing the security of +.Tn SHA-1 +in doubt. +.Pp +It is recommended that all new applications use +.Tn SHA-256 +instead of one of the other hash functions. .Pp The following options may be used in any combination and must precede any files named on the command line.
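Review bot: in the added MD5 paragraph, the word "reverse" is wrapped in literal double quotes while the rest of md5.1 uses the mdoc `.Dq` macro for that purpose (the removed line `.Dq collisions` shows the convention); use `.Dq reverse` so the rendered output matches the surrounding page. Two smaller documentation points in the same hunk: the old wording's definition of a collision ("multiple inputs which hash to the same value") is dropped, and a reader of md5(1) may not know the term, so a short clause after "finding collisions" such as "(two different inputs producing the same hash value)" would keep the page self-contained; and the date 2009-01-06 now appears twice, once in the MD5 paragraph and once in the SHA-1 paragraph, which doubles the places to update the next time the text is revised, as happened here with the 2007-03-05 date.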