Date:      Sat, 10 May 2003 15:38:05 -0600
From:      Theo de Raadt <deraadt@cvs.openbsd.org>
To:        Robin Carey <robin@wizardsworks.org>
Cc:        bugs@openbsd.org
Subject:   Re: /dev/random and /dev/urandom 
Message-ID:  <200305102138.h4ALc5KZ013437@cvs.openbsd.org>
In-Reply-To: Your message of "Sat, 10 May 2003 14:32:17 PDT." <Pine.LNX.4.44.0305101426170.4644-100000@wizardsworks.org> 

This has zero to do with the situation at hand.  You are just
copying-catting the "MD5 is insecure" yammering that you sometimes
see.  The details of MD5 that are used here make it fine.

Your statement is much like: Cars crash.  Cars are unsafe.  Don't drive.


> I really don't know why I'm bothering to send this email, since what
> usually happens after sending an email to bugs@ is I get a lot of rude and
> unpleasant replies.
> 
> However.....
> 
> I've been looking at the FreeBSD and OpenBSD source code for these
> pseudo-devices; they both use MD5.
> 
> But as I'm sure we all know, the security of MD5 is in doubt, and that's
> according to the FreeBSD manual pages (I haven't checked OpenBSD).
> According to the SSH Communications Security Website, MD5 should not be
> used in "new" programs.
> 
> So the point I am making is that a better cryptographic checksum like SHA1
> should be used instead.
> 
> cheers,
> robin
> 


