NetBSD-Bugs archive


Re: bin/44160: outdated claim of cryptographic strength in md5(1) man page

I think that statement is accurate so far as it goes.  But I do not think it 
should be used.

The trouble is that it could be read to imply that MD5 is still considered an 
adequate secure hash, and I believe that is not the case.  The attacks found 
against MD5 are more than sufficient to disqualify it from consideration except 
in cases where it is required for backward compatibility. 

If there were no alternatives, it would be worth doing the detailed analysis to 
see just exactly what subset of hash function applications have not yet been 
broken for MD5, but there are better alternatives, so the simple and prudent 
approach is to drop MD5 outright and not use it for anything.

So I think a better statement would be: "MD5 no longer meets some of the 
primary requirements of a secure hash function.  While in principle there still 
are some applications where it could be used, a prudent approach to security 
implies that MD5 should be viewed as obsolete and should not be used for new 
applications."

        paul

> From: Julian Fagir <gnrp%komkon2.de@localhost>
> To: gnats%netbsd.org@localhost
> Subject: Re: bin/44160: outdated claim of cryptographic strength in md5(1) man
>       page
> Date: Sun, 24 Jun 2012 01:03:02 +0200
> 
> What about the following sentence?
> 
> While several messages with the same message digests have been found, it is
> still considered unfeasible to generate a message with a prespecified message
> digest.
> 
> Regards, Julian
> 
