MD5 man page

Hi,

In MD5Init(3) there's a paragraph that says:

"""MD5 has not yet (1999-02-11) been broken, but sufficient attacks
     have been made that its security is in some doubt.  The attacks on both
     MD4 and MD5 are both in the nature of finding ``collisions'' - that is,
     multiple inputs which hash to the same value; it is still unlikely for an
     attacker to be able to determine the exact original input given a hash
     value.
"""

Shouldn't it be updated or at least the date of the statement moved to
somewhere in this century?
_______________________________________________
freebsd-security@... mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@..."

"Ivan Voras" <ivoras@...> writes:
> "MD5 has not yet (1999-02-11) been broken [...]"
> Shouldn't it be updated or at least the date of the statement moved to
> somewhere in this century?

It should be updated, MD5 has been further weakened since then.  This is
why the ports tree now uses SHA256 checksums in addition to MD5.  See
http://en.wikipedia.org/wiki/MD5 for additional details.

DES
--
Dag-Erling Smørgrav - des@...
_______________________________________________
freebsd-security@... mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@..."