/dev/random and /dev/urandom

Theo de Raadt deraadt at cvs.openbsd.org
Sat May 10 14:35:25 PDT 2003

This has zero to do with the situation at hand.  You are just
copy-catting the "MD5 is insecure" yammering that you sometimes
see.  The details of MD5 that are used here make it fine.

Your statement is much like: Cars crash.  Cars are unsafe.  Don't drive.

> I really don't know why I'm bothering to send this email, since what
> usually happens after sending an email to bugs@ is I get a lot of rude and
> unpleasant replies.
> However.....
> I've been looking at the FreeBSD and OpenBSD source code for these
> pseudo-devices; they both use MD5.
> But as I'm sure we all know, the security of MD5 is in doubt, and that's
> according to the FreeBSD manual pages (I haven't checked OpenBSD).
> According to the SSH Communications Security Website, MD5 should not be
> used in "new" programs.
> So the point I am making is that a better cryptographic checksum like SHA1
> should be used instead.
> cheers,
> robin

