thr3ads.net - freebsd security - MD5 man page [Aug 2008]

If this information is useful, please help other people find it:
Share via:

Ivan Voras

2008-Aug-14 02:50 UTC

MD5 man page

Hi,

In MD5Init(3) there's a paragraph that says:

"""MD5 has not yet (1999-02-11) been broken, but sufficient
attacks
     have been made that its security is in some doubt.  The attacks on both
     MD4 and MD5 are both in the nature of finding ``collisions'' - that
is,
     multiple inputs which hash to the same value; it is still unlikely for an
     attacker to be able to determine the exact original input given a hash
     value.
"""

Shouldn't it be updated or at least the date of the statement moved to
somewhere in this century?

Dag-Erling Smørgrav

2008-Aug-15 10:02 UTC

head link

MD5 man page

"Ivan Voras" <ivoras@freebsd.org>
writes:> "MD5 has not yet (1999-02-11) been broken [...]"
> Shouldn't it be updated or at least the date of the statement moved to
> somewhere in this century?
It should be updated, MD5 has been further weakened since then.  This is
why the ports tree now uses SHA256 checksums in addition to MD5.  See
http://en.wikipedia.org/wiki/MD5 for additional details.

DES
-- 
Dag-Erling Sm?rgrav - des@des.no

freebsd security - Aug 2008 - MD5 man page

MD5 man page

MD5 man page