From: Mohacsi Janos (mohacsiniif.hu)
Date: Mon Dec 03 2007 - 01:15:18 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 3 Dec 2007, Norberto Meijome wrote:

> Hi everyone,
>
> Not sure if you've read http://www.win.tue.nl/hashclash/SoftIntCodeSign/ .
>
> should some kind of advisory be sent to advise people not to rely solely on MD5 checksums? Maybe an update to the man page is due ? :
>
> "
> MD5 has not yet (2001-09-03) been broken, but sufficient attacks have
> been made that its security is in some doubt. The attacks on MD5 are in
> the nature of finding ``collisions'' -- that is, multiple inputs which
> hash to the same value; it is still unlikely for an attacker to be able
> to determine the exact original input given a hash value.
> "

Some measures are already taken:
- FreeBSD ports use not only MD5 but SHA256 additionaly
- Same applied for FreeBSD ISO images

Best Regards,

Janos Mohacsi
Network Engineer, Research Associate, Head of Network Planning and Projects
NIIF/HUNGARNET, HUNGARY
Key 70EF9882: DEC2 C685 1ED4 C95A 145F 4300 6F64 7B00 70EF 9882

_______________________________________________
freebsd-securityfreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribefreebsd.org"

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]