Date: Tue, 21 May 2019 16:03:37 -0700 (PDT) From: "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net> To: Allan Jude <allanjude@freebsd.org> Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r348073 - head/lib/libmd Message-ID: <201905212303.x4LN3bMd081422@gndrsh.dnsmgr.net> In-Reply-To: <201905212217.x4LMH1GG068159@repo.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> Author: allanjude > Date: Tue May 21 22:17:00 2019 > New Revision: 348073 > URL: https://svnweb.freebsd.org/changeset/base/348073 > > Log: > Add admonitions against using MD5 and SHA1 to the API man pages > > Modified: > head/lib/libmd/mdX.3 > head/lib/libmd/sha.3 > > Modified: head/lib/libmd/mdX.3 > ============================================================================== > --- head/lib/libmd/mdX.3 Tue May 21 22:11:53 2019 (r348072) > +++ head/lib/libmd/mdX.3 Tue May 21 22:17:00 2019 (r348073) > @@ -208,6 +208,8 @@ This code is derived directly from these implementatio > .Pp > Phk ristede runen. > .Sh BUGS > -No method is known to exist which finds two files having the same hash value, > -nor to find a file with a specific hash value. > -There is on the other hand no guarantee that such a method does not exist. > +The > +.Tn MD5 There needs to be a discussion about .Tn, some people are ripping them out of man pages, others are adding them. mandoc is a semantic mark up language, .Tn gives the following word the semantic of being a Tradename. Yes, I know, mandoc ignroes them BUTT other tools do not, mandoc is not the end all in what can process our man pages, groff/troff should still be able to produce photo typesetter output and the .Tn's look nice when you do that. I would like to see that we stop removing them and infact, as this man page does, properly recognize trademarks/names in our man pages "as is often required by law." Now, one final nit, I can neither verify nor deny that "MD5" is a tradename. > +algorithm has been proven to be vulnerable to practical collision > +attacks and should not be relied upon to produce unique outputs, > +.Em nor should they be used as part of a cryptographic signature scheme. > > Modified: head/lib/libmd/sha.3 > ============================================================================== > --- head/lib/libmd/sha.3 Tue May 21 22:11:53 2019 (r348072) > +++ head/lib/libmd/sha.3 Tue May 21 22:17:00 2019 (r348073) > @@ -191,9 +191,11 @@ published > .Tn FIPS > standards. > .Sh BUGS > -No method is known to exist which finds two files having the same hash value, > -nor to find a file with a specific hash value. > -There is on the other hand no guarantee that such a method does not exist. > +The > +.Tn SHA1 > +algorithm has been proven to be vulnerable to practical collision > +attacks and should not be relied upon to produce unique outputs, > +.Em nor should they be used as part of a cryptographic signature scheme. > .Pp > The > .Tn IA32 > > -- Rod Grimes rgrimes@freebsd.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201905212303.x4LN3bMd081422>