From owner-freebsd-security@FreeBSD.ORG Thu Aug 14 02:48:59 2008 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EB0D31065672 for ; Thu, 14 Aug 2008 02:48:59 +0000 (UTC) (envelope-from ivoras@gmail.com) Received: from yx-out-2324.google.com (yx-out-2324.google.com [74.125.44.30]) by mx1.freebsd.org (Postfix) with ESMTP id AB3EA8FC0A for ; Thu, 14 Aug 2008 02:48:59 +0000 (UTC) (envelope-from ivoras@gmail.com) Received: by yx-out-2324.google.com with SMTP id 8so164519yxb.13 for ; Wed, 13 Aug 2008 19:48:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:sender :to:subject:mime-version:content-type:content-transfer-encoding :content-disposition:x-google-sender-auth; bh=8FeYWG+Arixii+af5vXsP3CxfDjFogcIRRCNP8Nd74A=; b=nbco6I0HqBpGNSt1K7bI8ydOWDDCNUgH2xlkpyyTtA8Scs5oYFNRpCOub/1f3LOvPR coCKEy8J3FYMe5q7X0pQP5C2FW8a2+9d0P+MTjAgcEQ2DDVodp1oLripZW2SIb/i4wFJ /5mkUQ66aIVc9E15f0xKUdQvXiL2auIpSaMQU= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:sender:to:subject:mime-version:content-type :content-transfer-encoding:content-disposition:x-google-sender-auth; b=Zx7TUoilTdNs1uHYMHeZRklwGfVEmSTRs1Natj3gmpZkyx8BYuBzxGSwgXpX4YUi2L dTZ4/3cKhtEfEiUMggg+bq70VU6Y4k8Oyf2Q4pq7LoYhaclaxv9I1Bw6qm1ZspOY8nuM 1WB0yDXGstJYaGmLL/B361MpjNf73FdL0hzLU= Received: by 10.140.170.12 with SMTP id s12mr334562rve.83.1218680620172; Wed, 13 Aug 2008 19:23:40 -0700 (PDT) Received: by 10.141.159.2 with HTTP; Wed, 13 Aug 2008 19:23:40 -0700 (PDT) Message-ID: <9bbcef730808131923o1ce56bc7i32b52ca884a54c@mail.gmail.com> Date: Thu, 14 Aug 2008 04:23:40 +0200 From: "Ivan Voras" Sender: ivoras@gmail.com To: freebsd-security@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Google-Sender-Auth: 26c010c2de096345 X-Mailman-Approved-At: Thu, 14 Aug 2008 02:50:06 +0000 Subject: MD5 man page X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Aug 2008 02:49:00 -0000 Hi, In MD5Init(3) there's a paragraph that says: """MD5 has not yet (1999-02-11) been broken, but sufficient attacks have been made that its security is in some doubt. The attacks on both MD4 and MD5 are both in the nature of finding ``collisions'' - that is, multiple inputs which hash to the same value; it is still unlikely for an attacker to be able to determine the exact original input given a hash value. """ Shouldn't it be updated or at least the date of the statement moved to somewhere in this century? From owner-freebsd-security@FreeBSD.ORG Fri Aug 15 10:02:21 2008 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 61137106567E; Fri, 15 Aug 2008 10:02:21 +0000 (UTC) (envelope-from des@des.no) Received: from tim.des.no (tim.des.no [194.63.250.121]) by mx1.freebsd.org (Postfix) with ESMTP id 1319A8FC13; Fri, 15 Aug 2008 10:02:21 +0000 (UTC) (envelope-from des@des.no) Received: from ds4.des.no (des.no [84.49.246.2]) by smtp.des.no (Postfix) with ESMTP id 1CC802049; Fri, 15 Aug 2008 11:44:38 +0200 (CEST) Received: by ds4.des.no (Postfix, from userid 1001) id 02C1E844AB; Fri, 15 Aug 2008 11:44:37 +0200 (CEST) From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= To: "Ivan Voras" References: <9bbcef730808131923o1ce56bc7i32b52ca884a54c@mail.gmail.com> Date: Fri, 15 Aug 2008 11:44:37 +0200 In-Reply-To: <9bbcef730808131923o1ce56bc7i32b52ca884a54c@mail.gmail.com> (Ivan Voras's message of "Thu, 14 Aug 2008 04:23:40 +0200") Message-ID: <86k5eiwr22.fsf@ds4.des.no> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.0.60 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Cc: freebsd-security@freebsd.org Subject: Re: MD5 man page X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 15 Aug 2008 10:02:21 -0000 "Ivan Voras" writes: > "MD5 has not yet (1999-02-11) been broken [...]" > Shouldn't it be updated or at least the date of the statement moved to > somewhere in this century? It should be updated, MD5 has been further weakened since then. This is why the ports tree now uses SHA256 checksums in addition to MD5. See http://en.wikipedia.org/wiki/MD5 for additional details. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no