[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#6789: MD5 is broken

From: Pádraig Brady
Subject: bug#6789: MD5 is broken
Date: Sat, 14 Aug 2010 23:56:59 +0100
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv: Gecko/20100227 Thunderbird/3.0.3

On 14/08/10 18:19, Bruno Haible wrote:
> Hi Pádraig,
>> I also removed the addition to --help
>> (and consequently the man page), as I think it's overkill.
> It's common to list important issues with a program or function
> in the BUGS section of the manual page. For example,
>   $ man 3 tempnam
>   ...
>   BUGS
>   ...
>          Never use this function.  Use mkstemp(3) or tmpfile(3) instead.
> In particular if the use of a program may have severe security implications,
> I would expect to know about it from the manual page.

OK cool. I was thinking that warnings would be more appropriate
in library docs rather than the user util, but I will add
the warning to BUGS in man/md5sum.x and leave --help unchanged.

>> If we were to add something to --help it should
>> probably be also done for sha1sum
> The attacks on SHA-1 are less advanced than those on MD5, currently.
> But if you would warn against use of SHA-1 also, please go ahead.
>> commit 4caf1adec8e6ce0cb7ab75365ab312411b2d47bd
>> Author: Bruno Haible <address@hidden>
>> Date:   Tue Aug 10 01:56:36 2010 +0100
>>     doc: improve the info on md5sum security weaknesses
>>     * doc/coreutils.texi (md5sum invocation): Mention currently known
>>     security problems. Don't recommend SHA-1 as alternative.
>>     Reported by Simon Josefsson
> You haven't pushed this so far, I think?

I only added it to my local queue in case there was
feedback on my amendments. I will apply the update now.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]