Date: Wed, 22 May 2019 09:11:06 -0400
From: Allan Jude <allanjude@freebsd.org>
To: rgrimes@freebsd.org
Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: Re: svn commit: r348073 - head/lib/libmd
Message-ID: <ad4c7786-eaba-e8c7-322b-4704442d5e64@freebsd.org>
In-Reply-To: <201905212303.x4LN3bMd081422@gndrsh.dnsmgr.net>
References: <201905212303.x4LN3bMd081422@gndrsh.dnsmgr.net>
On 2019-05-21 19:03, Rodney W. Grimes wrote: >> Author: allanjude >> Date: Tue May 21 22:17:00 2019 >> New Revision: 348073 >> URL: https://svnweb.freebsd.org/changeset/base/348073 >> >> Log: >> Add admonitions against using MD5 and SHA1 to the API man pages >> >> Modified: >> head/lib/libmd/mdX.3 >> head/lib/libmd/sha.3 >> >> Modified: head/lib/libmd/mdX.3 >> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D >> --- head/lib/libmd/mdX.3 Tue May 21 22:11:53 2019 (r348072) >> +++ head/lib/libmd/mdX.3 Tue May 21 22:17:00 2019 (r348073) 
>> @@ -208,6 +208,8 @@ This code is derived directly from these implement= atio >> .Pp >> Phk ristede runen. >> .Sh BUGS >> -No method is known to exist which finds two files having the same has= h value, >> -nor to find a file with a specific hash value. >> -There is on the other hand no guarantee that such a method does not e= xist. >> +The >> +.Tn MD5
>
> There needs to be a discussion about .Tn, some people are ripping
> them out of man pages, others are adding them. mandoc is a semantic
> mark up language, .Tn gives the following word the semantic of being
> a Tradename.
>
> Yes, I know, mandoc ignores them BUT other tools do not, mandoc is
> not the end all in what can process our man pages, groff/troff should
> still be able to produce photo typesetter output and the .Tn's look
> nice when you do that.
>
> I would like to see that we stop removing them and in fact, as this
> man page does, properly recognize trademarks/names in our man pages
> "as is often required by law."
>
> Now, one final nit, I can neither verify nor deny that "MD5" is
> a tradename.
>
>> +algorithm has been proven to be vulnerable to practical collision >> +attacks and should not be relied upon to produce unique outputs, >> +.Em nor should they be used as part of a cryptographic signature sche= me. >> >> Modified: head/lib/libmd/sha.3 >> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D >> --- head/lib/libmd/sha.3 Tue May 21 22:11:53 2019 (r348072) >> +++ head/lib/libmd/sha.3 Tue May 21 22:17:00 2019 (r348073) 
>> @@ -191,9 +191,11 @@ published >> .Tn FIPS >> standards. >> .Sh BUGS >> -No method is known to exist which finds two files having the same has= h value, >> -nor to find a file with a specific hash value. >> -There is on the other hand no guarantee that such a method does not e= xist. >> +The >> +.Tn SHA1 >> +algorithm has been proven to be vulnerable to practical collision >> +attacks and should not be relied upon to produce unique outputs, >> +.Em nor should they be used as part of a cryptographic signature sche= me. >> .Pp >> The >> .Tn IA32 >> >>
>

I borrowed the message (with .Tn markup) from the md5(1) man page, and just added it to the library reference man pages since they said 'No method is known to exist which finds two files having the same hash value' which has not been true in a while. I did not spend any effort deciding which markup to use there, as I don't think MD5 or SHA1 are tradenames, just acronyms.

--
Allan Jude
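Review bot: In the mdX.3 hunk (@@ -208,6 +208,8 @@), the added `.Tn MD5` line names one algorithm literally in a file whose name, mdX.3, suggests a template shared by several MDx pages; if other pages are built from this source, the new BUGS text will describe MD5 on a page that documents a different digest. Either use whatever placeholder the rest of the file uses for the algorithm name, or confirm that only the MD5 page is produced from this file.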
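Review bot: In the sha.3 hunk (@@ -191,9 +191,11 @@), the `.Em` line reads "nor should they be used", but the only subject of the sentence is the singular "The SHA1 algorithm", so "they" has no antecedent; "nor should it be used" would read correctly, and the mdX.3 hunk carries the same wording. The three removed lines also covered finding a file with a specific hash value, while the replacement speaks only of collision attacks, so it would help to state separately what is known about that second property rather than leaving readers to infer it from the collision warning.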