svn commit: r348073 - head/lib/libmd
Allan Jude
allanjude at FreeBSD.org
Tue May 21 22:17:02 UTC 2019
Author: allanjude
Date: Tue May 21 22:17:00 2019
New Revision: 348073
URL: https://svnweb.freebsd.org/changeset/base/348073
Log:
Add admonitions against using MD5 and SHA1 to the API man pages
Modified:
head/lib/libmd/mdX.3
head/lib/libmd/sha.3
Modified: head/lib/libmd/mdX.3
==============================================================================
--- head/lib/libmd/mdX.3 Tue May 21 22:11:53 2019 (r348072)
+++ head/lib/libmd/mdX.3 Tue May 21 22:17:00 2019 (r348073)
@@ -208,6 +208,8 @@ This code is derived directly from these implementatio
.Pp
Phk ristede runen.
.Sh BUGS
-No method is known to exist which finds two files having the same hash value,
-nor to find a file with a specific hash value.
-There is on the other hand no guarantee that such a method does not exist.
+The
+.Tn MD5
+algorithm has been proven to be vulnerable to practical collision
+attacks and should not be relied upon to produce unique outputs,
+.Em nor should they be used as part of a cryptographic signature scheme.
Modified: head/lib/libmd/sha.3
==============================================================================
--- head/lib/libmd/sha.3 Tue May 21 22:11:53 2019 (r348072)
+++ head/lib/libmd/sha.3 Tue May 21 22:17:00 2019 (r348073)
@@ -191,9 +191,11 @@ published
.Tn FIPS
standards.
.Sh BUGS
-No method is known to exist which finds two files having the same hash value,
-nor to find a file with a specific hash value.
-There is on the other hand no guarantee that such a method does not exist.
+The
+.Tn SHA1
+algorithm has been proven to be vulnerable to practical collision
+attacks and should not be relied upon to produce unique outputs,
+.Em nor should they be used as part of a cryptographic signature scheme.
.Pp
The
.Tn IA32
More information about the svn-src-head
mailing list