[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#6789: MD5 is broken
From: |
Bruno Haible |
Subject: |
bug#6789: MD5 is broken |
Date: |
Sat, 14 Aug 2010 19:19:04 +0200 |
User-agent: |
KMail/1.9.9 |
Hi Pádraig,
> I also removed the addition to --help
> (and consequently the man page), as I think it's overkill.
It's common to list important issues with a program or function
in the BUGS section of the manual page. For example,
$ man 3 tempnam
...
BUGS
...
Never use this function. Use mkstemp(3) or tmpfile(3) instead.
In particular if the use of a program may have severe security implications,
I would expect to know about it from the manual page.
> If we were to add something to --help it should
> probably be also done for sha1sum
The attacks on SHA-1 are less advanced than those on MD5, currently.
But if you would warn against use of SHA-1 also, please go ahead.
> commit 4caf1adec8e6ce0cb7ab75365ab312411b2d47bd
> Author: Bruno Haible <address@hidden>
> Date: Tue Aug 10 01:56:36 2010 +0100
>
> doc: improve the info on md5sum security weaknesses
>
> * doc/coreutils.texi (md5sum invocation): Mention currently known
> security problems. Don't recommend SHA-1 as alternative.
> Reported by Simon Josefsson
You haven't pushed this so far, I think?
Bruno
- bug#6789: propose renaming gnulib memxfrm to amemxfrm (naming collision with coreutils), (continued)
- bug#6789: propose renaming gnulib memxfrm to amemxfrm (naming collision with coreutils), Paul Eggert, 2010/08/04
- bug#6789: propose renaming gnulib memxfrm to amemxfrm (naming collision with coreutils), Simon Josefsson, 2010/08/04
- bug#6789: propose renaming gnulib memxfrm to amemxfrm (naming collision with coreutils), Paolo Bonzini, 2010/08/04
- bug#6789: propose renaming gnulib memxfrm to amemxfrm (naming collision with coreutils), Paul Eggert, 2010/08/05
- bug#6789: propose renaming gnulib memxfrm to amemxfrm (naming collision with coreutils), Paolo Bonzini, 2010/08/06
- bug#6789: propose renaming gnulib memxfrm to amemxfrm (naming collision with coreutils), Paul Eggert, 2010/08/06
- bug#6789: propose renaming gnulib memxfrm to amemxfrm (naming collision with coreutils), Simon Josefsson, 2010/08/08
- bug#6789: MD5 is broken, Bruno Haible, 2010/08/08
- bug#6789: MD5 is broken, Paul Eggert, 2010/08/09
- bug#6789: MD5 is broken, Pádraig Brady, 2010/08/09
- bug#6789: MD5 is broken,
Bruno Haible <=
- bug#6789: MD5 is broken, Pádraig Brady, 2010/08/14
- bug#6789: propose renaming gnulib memxfrm to amemxfrm (naming collision with coreutils), Bruno Haible, 2010/08/08
- bug#6789: propose renaming gnulib memxfrm to amemxfrm (naming collision with coreutils), Paul Eggert, 2010/08/09
- bug#6789: propose renaming gnulib memxfrm to amemxfrm (naming collision with coreutils), Bruno Haible, 2010/08/10
- bug#6789: propose renaming gnulib memxfrm to amemxfrm (naming collision with coreutils), Paul Eggert, 2010/08/11
- bug#6789: propose renaming gnulib memxfrm to amemxfrm (naming collision with coreutils), Bruno Haible, 2010/08/09
- bug#6789: propose renaming gnulib memxfrm to amemxfrm (naming collision with coreutils), Paul Eggert, 2010/08/09
- bug#6789: propose renaming gnulib memxfrm to amemxfrm (naming collision with coreutils), Bruno Haible, 2010/08/09
- bug#6789: propose renaming gnulib memxfrm to amemxfrm (naming collision with coreutils), Paul Eggert, 2010/08/10