NetBSD-Bugs archive


bin/44160: outdated claim of cryptographic strength in md5(1) man page



>Number:         44160
>Category:       bin
>Synopsis:       outdated claim of cryptographic strength in md5(1) man page
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          doc-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Nov 27 03:45:00 +0000 2010
>Originator:     Taylor R Campbell <campbell+netbsd%mumble.net@localhost>
>Release:        NetBSD 5.1_STABLE
>Organization:
>Environment:
>Description:

        The md5(1) man page claims of MD5 message digests that

                `It is conjectured that it is computationally
                infeasible to produc[e] two messages having the same
                message digest, or to produce any message having a
                given prespecified target message digest.'

        This has not been true for many years.  In particular, not only
        have collisions been found, but they are so easy to find that
        they have been used successfully to forge X.509 certificates
        from commercial certification authorities; see
        <http://www.win.tue.nl/hashclash/rogue-ca/>.

>How-To-Repeat:

        Type `man md5'.

>Fix:

        Replace the security conjecture by an exhortation NOT to rely
        on the collision-resistance of MD5.  There are also theoretical
        attacks on its preimage-resistance.


