Norberto Meijome wrote: > should some kind of advisory be sent to advise people not to rely solely on > MD5 checksums? Maybe an update to the man page is due ? : > > " > MD5 has not yet (2001-09-03) been broken, but sufficient attacks have > been made that its security is in some doubt. The attacks on MD5 are in > the nature of finding ``collisions'' -- that is, multiple inputs which > hash to the same value; it is still unlikely for an attacker to be able > to determine the exact original input given a hash value. > "
I fail to see how the man page is incorrect here. What do you think it should be saying instead? Colin Percival FreeBSD Security Officer _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[EMAIL PROTECTED]"
