bug#6789: MD5 is broken

bug-coreutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#6789: MD5 is broken

From:	Bruno Haible
Subject:	bug#6789: MD5 is broken
Date:	Sat, 14 Aug 2010 19:19:04 +0200
User-agent:	KMail/1.9.9

Hi Pádraig,

> I also removed the addition to --help
> (and consequently the man page), as I think it's overkill.

It's common to list important issues with a program or function
in the BUGS section of the manual page. For example,

  $ man 3 tempnam
  ...
  BUGS
  ...
         Never use this function.  Use mkstemp(3) or tmpfile(3) instead.

In particular if the use of a program may have severe security implications,
I would expect to know about it from the manual page.

> If we were to add something to --help it should
> probably be also done for sha1sum

The attacks on SHA-1 are less advanced than those on MD5, currently.
But if you would warn against use of SHA-1 also, please go ahead.

> commit 4caf1adec8e6ce0cb7ab75365ab312411b2d47bd
> Author: Bruno Haible <address@hidden>
> Date:   Tue Aug 10 01:56:36 2010 +0100
> 
>     doc: improve the info on md5sum security weaknesses
> 
>     * doc/coreutils.texi (md5sum invocation): Mention currently known
>     security problems. Don't recommend SHA-1 as alternative.
>     Reported by Simon Josefsson

You haven't pushed this so far, I think?

Bruno

[Prev in Thread]

Current Thread

[Next in Thread]

bug#6789: propose renaming gnulib memxfrm to amemxfrm (naming collision with coreutils), (continued)

Prev by Date: bug#6555: stat enhancement
Next by Date: bug#6789: MD5 is broken
Previous by thread: bug#6789: MD5 is broken
Next by thread: bug#6789: MD5 is broken
Index(es):
- Date
- Thread