MD5 Collisions...

Colin Percival cperciva at freebsd.org
Mon Dec 3 21:26:43 PST 2007


Norberto Meijome wrote:
> should some kind of advisory be sent to advise people not to rely solely on MD5 checksums? Maybe an update to the man page is due ? :
> 
> "     
> MD5 has not yet (2001-09-03) been broken, but sufficient attacks have
>      been made that its security is in some doubt.  The attacks on MD5 are in
>      the nature of finding ``collisions'' -- that is, multiple inputs which
>      hash to the same value; it is still unlikely for an attacker to be able
>      to determine the exact original input given a hash value.
> "

I fail to see how the man page is incorrect here.  What do you think it should
be saying instead?

Colin Percival
FreeBSD Security Officer



More information about the freebsd-security mailing list