Colin Percival wrote:
Norberto Meijome wrote:
should some kind of advisory be sent to advise people not to rely solely on MD5
checksums? Maybe an update to the man page is due ? :
"
MD5 has not yet (2001-09-03) been broken, but sufficient attacks have
been made that its security is in some doubt. The attacks on MD5 are in
the nature of finding ``collisions'' -- that is, multiple inputs which
hash to the same value; it is still unlikely for an attacker to be able
to determine the exact original input given a hash value.
"
I fail to see how the man page is incorrect here. What do you think it should
be saying instead?
Perhaps, 1st two paras:
==============
Md5 is a cryptographic message digest algorithm. It takes
as input a message of arbitrary length and produces as
output a 128-bit ``fingerprint'' or ``digest'' of the input.
Such algorithms are intended for applications where a
large file must be ``compressed'' in a secure manner,
suitable as a digital signature or as an input to a
public-key cryptosystem for digital signature or encryption
purposes.
MD5 is no longer recommended as a cryptographic message
digest algorithm, although it functions very well as a big
checksum. It is now feasible (2004) to produce two messages
having the same MD5 message digest (``collision'' attack),
and attacks of this nature are getting better and faster.
It is still conjectured to be computationally infeasible
(2007) to produce any message having a given prespecified
target message digest (``preimage'' attack).
==============
It's worth checking carefully ... discussing the minutiae of
cryptographic algorithms is like angels dancing on a pin.
iang
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
