author | Ted Unangst <tedu@cvs.openbsd.org> | 2010-07-13 22:34:46 +0000 |
---|---|---|
committer | Ted Unangst <tedu@cvs.openbsd.org> | 2010-07-13 22:34:46 +0000 |
commit | 015a751b6ddb5abcc29939b06ac852313af02832 (patch) | |
tree | 39bbd72d21180e579d15da1cf945dbd6bb8268cd | |
parent | 0c15778a0825226596fe41ee7edcbd86801fcfdb (diff) |
update our recommended hash function to sha256 and note md5 is broken.
ok deraadt jmc millert sobrado
-rw-r--r-- | bin/md5/md5.1 | 6 | ||||
-rw-r--r-- | lib/libc/hash/mdX.3 | 13 |
2 files changed, 7 insertions, 12 deletions
diff --git a/bin/md5/md5.1 b/bin/md5/md5.1 index eb938f069a2..3ba1ba98ee4 100644 --- a/bin/md5/md5.1 +++ b/bin/md5/md5.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: md5.1,v 1.30 2010/07/13 06:57:37 jmc Exp $ +.\" $OpenBSD: md5.1,v 1.31 2010/07/13 22:34:45 tedu Exp $ .\" .\" Copyright (c) 2003, 2004, 2006 Todd C. Miller <Todd.Miller@courtesan.com> .\" @@ -40,7 +40,7 @@ message having a given prespecified target message digest. However, collisions have now been produced for .Em MD5 , so the use of other message digest functions, such as -.Xr sha1 1 , +.Xr sha256 1 , is now preferred. .Pp The @@ -107,5 +107,5 @@ options are processed. Since collisions have been found for .Em MD5 , the use of -.Xr sha1 1 +.Xr sha256 1 is recommended instead. diff --git a/lib/libc/hash/mdX.3 b/lib/libc/hash/mdX.3 index 480368b6152..425b77076b4 100644 --- a/lib/libc/hash/mdX.3 +++ b/lib/libc/hash/mdX.3 @@ -6,9 +6,9 @@ .\" this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp .\" ---------------------------------------------------------------------------- .\" -.\" $OpenBSD: mdX.3,v 1.10 2007/05/31 19:19:29 jmc Exp $ +.\" $OpenBSD: mdX.3,v 1.11 2010/07/13 22:34:45 tedu Exp $ .\" -.Dd $Mdocdate: May 31 2007 $ +.Dd $Mdocdate: July 13 2010 $ .Dt MDX 3 .Os .Sh NAME @@ -53,10 +53,8 @@ This net result is a .Dq fingerprint of the input-data, which doesn't disclose the actual input. .Pp -MD4 has been broken; it should only be used where necessary for +MD4 and MD5 have been broken; they should only be used where necessary for backward compatibility. -MD5 has not yet (1999-02-11) been broken, but recent attacks have cast -some doubt on its security properties. The attacks on both MD4 and MD5 are both in the nature of finding .Dq collisions 
@@ -210,8 +208,5 @@ helper functions are derived from code written by Poul-Henning Kamp. .Sh BUGS Collisions have been found for the full versions of both MD4 and MD5. The use of -.Xr sha1 3 , -.Xr sha2 3 , -or -.Xr rmd160 3 +.Xr sha2 3 is recommended instead. |
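Review bot: in bin/md5/md5.1, the hunks at @@ -40,7 +40,7 and @@ -107,5 +107,5 replace `.Xr sha1 1` with `.Xr sha256 1` inline, but no hunk touches the SEE ALSO section of that page. Please confirm sha256(1) is listed there and exists under that name, so the new cross-reference resolves for readers who follow it. If SEE ALSO still lists only sha1(1), add the entry in the same commit.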
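Review bot: in lib/libc/hash/mdX.3 at @@ -53,10 +53,8, the new sentence "MD4 and MD5 have been broken" is immediately followed by the unchanged context line "The attacks on both MD4 and MD5 are both in the nature of", which now repeats the pairing and carries a doubled "both". Since this paragraph is being edited anyway, consider tightening that line, for example to "The attacks on MD4 and MD5 are in the nature of finding collisions", so the text still makes clear the break is a collision break.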
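Review bot: in lib/libc/hash/mdX.3 at @@ -210,8 +208,5 (BUGS), the recommendation drops `.Xr sha1 3` and `.Xr rmd160 3` and leaves only `.Xr sha2 3`, but the commit message mentions only the move to sha256 and that md5 is broken. A short note in the log on why sha1 and rmd160 are no longer suggested would make the intent clear to later readers. Also note that md5.1 now names sha256(1) while this page names the sha2(3) family page; that is fine if intentional, and worth a quick check that both read consistently.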