Date:      Tue, 21 May 2019 22:17:01 +0000 (UTC)
From:      Allan Jude <allanjude@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r348073 - head/lib/libmd
Message-ID:  <201905212217.x4LMH1GG068159@repo.freebsd.org>

Author: allanjude
Date: Tue May 21 22:17:00 2019
New Revision: 348073
URL: https://svnweb.freebsd.org/changeset/base/348073

Log:
  Add admonitions against using MD5 and SHA1 to the API man pages

Modified:
  head/lib/libmd/mdX.3
  head/lib/libmd/sha.3

Modified: head/lib/libmd/mdX.3
==============================================================================
--- head/lib/libmd/mdX.3	Tue May 21 22:11:53 2019	(r348072)
+++ head/lib/libmd/mdX.3	Tue May 21 22:17:00 2019	(r348073)
@@ -208,6 +208,8 @@ This code is derived directly from these implementatio
 .Pp
 Phk ristede runen.
 .Sh BUGS
-No method is known to exist which finds two files having the same hash value,
-nor to find a file with a specific hash value.
-There is on the other hand no guarantee that such a method does not exist.
+The
+.Tn MD5
+algorithm has been proven to be vulnerable to practical collision
+attacks and should not be relied upon to produce unique outputs,
+.Em nor should they be used as part of a cryptographic signature scheme.
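
Review bot: In the added BUGS text, "nor should they be used" has no plural antecedent, because the subject of the sentence is "The MD5 algorithm"; "nor should it be used" (or "nor should MD5 digests be used") reads correctly. The removed paragraph also covered finding a file with a specific hash value, while the replacement speaks only of collision attacks, so it would help to state whether that second property is still being claimed or is simply no longer addressed.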

Modified: head/lib/libmd/sha.3
==============================================================================
--- head/lib/libmd/sha.3	Tue May 21 22:11:53 2019	(r348072)
+++ head/lib/libmd/sha.3	Tue May 21 22:17:00 2019	(r348073)
@@ -191,9 +191,11 @@ published
 .Tn FIPS
 standards.
 .Sh BUGS
-No method is known to exist which finds two files having the same hash value,
-nor to find a file with a specific hash value.
-There is on the other hand no guarantee that such a method does not exist.
+The
+.Tn SHA1
+algorithm has been proven to be vulnerable to practical collision
+attacks and should not be relied upon to produce unique outputs,
+.Em nor should they be used as part of a cryptographic signature scheme.
 .Pp
 The
 .Tn IA32
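
Review bot: "should not be relied upon to produce unique outputs" in the added text is looser than the clause before it: no fixed-length digest produces unique outputs, and what collision attacks remove is collision resistance, so wording such as "should not be relied upon where collision resistance is required" would be more precise. The file is sha.3 but the note names only SHA1, so a reader cannot tell whether the warning applies to everything the page documents; naming the affected functions would settle that. The "they" in the .Em line has the same missing plural antecedent as the matching line in mdX.3.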


