Date: Mon, 3 Sep 2001 17:34:33 -0700 From: Kris Kennaway <kris@obsecurity.org> To: murray@FreeBSD.org Cc: efrias@sg505.net, freebsd-doc@FreeBSD.org, security-officer@FreeBSD.org Subject: Re: docs/14158: md5(1) manpage should not claim the md5 algorithm to be secure Message-ID: <20010903173433.E38717@xor.obsecurity.org> In-Reply-To: <200109040017.f840HSe19930@freefall.freebsd.org>; from murray@FreeBSD.org on Mon, Sep 03, 2001 at 05:17:28PM -0700 References: <200109040017.f840HSe19930@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--o0ZfoUVt4BxPQnbU Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Sep 03, 2001 at 05:17:28PM -0700, murray@FreeBSD.org wrote: > Synopsis: md5(1) manpage should not claim the md5 algorithm to be secure >=20 > State-Changed-From-To: open->analyzed > State-Changed-By: murray > State-Changed-When: Mon Sep 3 17:16:01 PDT 2001 > State-Changed-Why:=20 > How about this patch? It is essentially taken from md5(3). I think > that we should mention the potential weakness in the user level > command, not just in the library. Looks fine as far as it goes, but we should note somewhere that FreeBSD's MD5 algorithm is expected to be better protected against this by virtue of the fact that it does something like 1000 iterations of md5. The algorithm would probably need to be comprehensively broken to affect the security of FreeBSD password hashes. Kris --o0ZfoUVt4BxPQnbU Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE7lCGZWry0BWjoQKURAssFAKDhKgeZ3shjWcqD/E0SQdKhe7UZoQCfbi2K ZnCsg3ntfVG333To9L//vQ8= =caMH -----END PGP SIGNATURE----- --o0ZfoUVt4BxPQnbU-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-doc" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010903173433.E38717>