Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 3 Sep 2001 17:34:33 -0700
From:      Kris Kennaway <kris@obsecurity.org>
To:        murray@FreeBSD.org
Cc:        efrias@sg505.net, freebsd-doc@FreeBSD.org, security-officer@FreeBSD.org
Subject:   Re: docs/14158: md5(1) manpage should not claim the md5 algorithm to be secure
Message-ID:  <20010903173433.E38717@xor.obsecurity.org>
In-Reply-To: <200109040017.f840HSe19930@freefall.freebsd.org>; from murray@FreeBSD.org on Mon, Sep 03, 2001 at 05:17:28PM -0700
References:  <200109040017.f840HSe19930@freefall.freebsd.org>

next in thread | previous in thread | raw e-mail | index | archive | help

--o0ZfoUVt4BxPQnbU
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Sep 03, 2001 at 05:17:28PM -0700, murray@FreeBSD.org wrote:
> Synopsis: md5(1) manpage should not claim the md5 algorithm to be secure
>=20
> State-Changed-From-To: open->analyzed
> State-Changed-By: murray
> State-Changed-When: Mon Sep 3 17:16:01 PDT 2001
> State-Changed-Why:=20
> How about this patch?  It is essentially taken from md5(3).  I think
> that we should mention the potential weakness in the user level
> command, not just in the library.

Looks fine as far as it goes, but we should note somewhere that
FreeBSD's MD5 algorithm is expected to be better protected against
this by virtue of the fact that it does something like 1000 iterations
of md5.  The algorithm would probably need to be comprehensively
broken to affect the security of FreeBSD password hashes.

Kris

--o0ZfoUVt4BxPQnbU
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE7lCGZWry0BWjoQKURAssFAKDhKgeZ3shjWcqD/E0SQdKhe7UZoQCfbi2K
ZnCsg3ntfVG333To9L//vQ8=
=caMH
-----END PGP SIGNATURE-----

--o0ZfoUVt4BxPQnbU--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-doc" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010903173433.E38717>