MD5 Collisions...

[Roger Marquis]

Colin Percival wrote:
>> MD5 has not yet (2001-09-03) been broken, but sufficient attacks have
>>      been made that its security is in some doubt.  The attacks on MD5 are in
>>      the nature of finding ``collisions'' -- that is, multiple inputs which
>>      hash to the same value; it is still unlikely for an attacker to be able
>>      to determine the exact original input given a hash value.
>> "
>
> I fail to see how the man page is incorrect here.  What do you think it should
> be saying instead?

I would drop the statement altogether since it is not accurate for MD5
signatures of binary packages and tarballs.  At the very least define the
specific scenarios under which MD5 can be broken and drop the "its security
is in some doubt" claim.  Vague statements about crypto are worse than none
at all.

-- 
Roger Marquis