Hi everyone,
Not sure if you've read http://www.win.tue.nl/hashclash/SoftIntCodeSign/ .
should some kind of advisory be sent to advise people not to rely solely on MD5
checksums? Maybe an update to the man page is due ? :
"
MD5 has not yet (2001-09-03) been broken, but sufficient attacks have
been made that its security is in some doubt. The attacks on MD5 are in
the nature of finding ``collisions'' -- that is, multiple inputs which
hash to the same value; it is still unlikely for an attacker to be able
to determine the exact original input given a hash value.
"
Cheers,
B
_________________________
{Beto|Norberto|Numard} Meijome
If you find a solution and become attached to it, the solution may become your
next problem.
I speak for myself, not my employer. Contents may be hot. Slippery when wet.
Reading disclaimers makes you go blind. Writing them is worse. You have been
Warned.
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
