SHA-1 collisions have now been found so update some man pages. As noted by

minek van on misc@. Thanks.

ok tb@, tj@

(and jmc@ is ok with the diff but can't ok the technical content).

1 files changed, 9 insertions, 5 deletions

diff --git a/lib/libc/hash/sha1.3 b/lib/libc/hash/sha1.3
index eeb6d10ae47..f745e42008e 100644
--- a/lib/libc/hash/sha1.3
+++ b/lib/libc/hash/sha1.3
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: sha1.3,v 1.44 2016/09/04 09:24:38 tedu Exp $
+.\"	$OpenBSD: sha1.3,v 1.45 2017/02/23 20:46:08 daniel Exp $
 .\"
 .\" Copyright (c) 1997, 2004 Todd C. Miller <Todd.Miller@courtesan.com>
 .\"
@@ -17,7 +17,7 @@
 .\" See http://csrc.nist.gov/publications/fips/fips180-1/fip180-1.txt
 .\" for the detailed standard
 .\"
-.Dd $Mdocdate: September 4 2016 $
+.Dd $Mdocdate: February 23 2017 $
 .Dt SHA1INIT 3
 .Os
 .Sh NAME
@@ -61,9 +61,13 @@ The algorithm takes a
 message less than 2^64 bits as input and produces a 160-bit digest
 suitable for use as a digital signature.
 .Pp
-The SHA1 functions are considered to be more secure than the
-.Xr md5 3
-functions with which they share a similar interface.
+SHA-1 has been broken; it should only be used where necessary for
+backward compatibility.
+The attack on SHA-1 is in the nature of finding
+.Dq collisions
+\(em that is, multiple inputs which hash to the same value.
+It is still unlikely for an attacker to be able to determine the exact
+original input given a hash value.
 .Pp
 The
 .Fn SHA1Init