MD5 Collisions...
Colin Percival
cperciva at freebsd.org
Mon Dec 3 21:26:43 PST 2007
Norberto Meijome wrote:
> should some kind of advisory be sent to advise people not to rely solely on MD5 checksums? Maybe an update to the man page is due ? :
>
> "
> MD5 has not yet (2001-09-03) been broken, but sufficient attacks have
> been made that its security is in some doubt. The attacks on MD5 are in
> the nature of finding ``collisions'' -- that is, multiple inputs which
> hash to the same value; it is still unlikely for an attacker to be able
> to determine the exact original input given a hash value.
> "
I fail to see how the man page is incorrect here. What do you think it should
be saying instead?
Colin Percival
FreeBSD Security Officer
More information about the freebsd-security
mailing list