From owner-svn-src-head@FreeBSD.ORG Tue Jan 6 19:25:24 2009 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 572F4106566B; Tue, 6 Jan 2009 19:25:24 +0000 (UTC) (envelope-from cperciva@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 45B378FC20; Tue, 6 Jan 2009 19:25:24 +0000 (UTC) (envelope-from cperciva@FreeBSD.org) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id n06JPObI039879; Tue, 6 Jan 2009 19:25:24 GMT (envelope-from cperciva@svn.freebsd.org) Received: (from cperciva@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id n06JPO2D039878; Tue, 6 Jan 2009 19:25:24 GMT (envelope-from cperciva@svn.freebsd.org) Message-Id: <200901061925.n06JPO2D039878@svn.freebsd.org> From: Colin Percival Date: Tue, 6 Jan 2009 19:25:24 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r186836 - head/sbin/md5 X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 Jan 2009 19:25:24 -0000 Author: cperciva Date: Tue Jan 6 19:25:24 2009 New Revision: 186836 URL: http://svn.freebsd.org/changeset/base/186836 Log: Strengthen some of the language concerning attacks on MD5, in light of the recent demonstration of a forged SSL certificate. Add text pointing out that SHA-1 is at least theoretically broken. Add a recommendation that new applications use SHA-256. MFC after: 1 month Modified: head/sbin/md5/md5.1 Modified: head/sbin/md5/md5.1 ============================================================================== --- head/sbin/md5/md5.1 Tue Jan 6 19:00:12 2009 (r186835) +++ head/sbin/md5/md5.1 Tue Jan 6 19:25:24 2009 (r186836) @@ -49,15 +49,23 @@ key under a public-key cryptosystem such .Tn RSA . .Pp .Tn MD5 -has not yet (2007-03-05) been broken, but sufficient attacks have been -made that its security is in some doubt. -The attacks on +has been completely broken as far as finding collisions is +concerned, and should not be relied upon to produce unique outputs. +This also means that .Tn MD5 -are in the nature of finding -.Dq collisions -\(em that is, multiple -inputs which hash to the same value; it is still unlikely for an attacker -to be able to determine the exact original input given a hash value. +should not be used as part of a cryptographic signature scheme. +At the current time (2009-01-06) there is no publicly known method to +"reverse" MD5, i.e., to find an input given a hash value. +.Pp +.Tn SHA-1 +currently (2009-01-06) has no known collisions, but an attack has been +found which is faster than a brute-force search, placing the security of +.Tn SHA-1 +in doubt. +.Pp +It is recommended that all new applications use +.Tn SHA-256 +instead of one of the other hash functions. .Pp The following options may be used in any combination and must precede any files named on the command line.