NetBSD Problem Report #44160
From riastradh@smalltalk.local Sat Nov 27 03:43:51 2010
Return-Path: <riastradh@smalltalk.local>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
by www.NetBSD.org (Postfix) with ESMTP id 3B3E463B95F
for <gnats-bugs@gnats.NetBSD.org>; Sat, 27 Nov 2010 03:43:51 +0000 (UTC)
Message-Id: <20101127034351.5617F72@smalltalk.local>
Date: Sat, 27 Nov 2010 03:43:51 +0000 (UTC)
From: Taylor R Campbell <campbell+netbsd@mumble.net>
Reply-To: Taylor R Campbell <campbell+netbsd@mumble.net>
To: gnats-bugs@gnats.NetBSD.org
Subject: outdated claim of cryptographic strength in md5(1) man page
X-Send-Pr-Version: 3.95
>Number: 44160
>Category: bin
>Synopsis: outdated claim of cryptographic strength in md5(1) man page
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: riastradh
>State: closed
>Class: doc-bug
>Submitter-Id: net
>Arrival-Date: Sat Nov 27 03:45:00 +0000 2010
>Closed-Date: Wed Aug 22 21:14:30 +0000 2012
>Last-Modified: Wed Aug 22 21:14:30 +0000 2012
>Originator: Taylor R Campbell <campbell+netbsd@mumble.net>
>Release: NetBSD 5.1_STABLE
>Organization:
>Environment:
>Description:
The md5(1) man page claims of MD5 message digests that
`It is conjectured that it is computationally
infeasible to produc[e] two messages having the same
message digest, or to produce any message having a
given prespecified target message digest.'
This has not been true for many years. In particular, not only
have collisions been found, but they are so easy to find that
they have been used successfully to forge x.509 certificates
from commercial certification authorities; see
<http://www.win.tue.nl/hashclash/rogue-ca/>.
>How-To-Repeat:
Type `man md5'.
>Fix:
Replace the security conjecture by an exhortation NOT to rely
on the collision-resistance of MD5. There are also theoretical
attacks on its preimage-resistance.
>Release-Note:
>Audit-Trail:
From: Alistair Crooks <agc@pkgsrc.org>
To: gnats-bugs@NetBSD.org
Cc: gnats-admin@NetBSD.org, netbsd-bugs@NetBSD.org
Subject: Re: bin/44160: outdated claim of cryptographic strength in md5(1) man page
Date: Sat, 27 Nov 2010 05:48:52 +0100
On Sat, Nov 27, 2010 at 03:45:00AM +0000, Taylor R Campbell wrote:
> The md5(1) man page claims of MD5 message digests that
>
> `It is conjectured that it is computationally
> infeasible to produc[e] two messages having the same
> message digest, or to produce any message having a
> given prespecified target message digest.'
>
> This has not been true for many years. In particular, not only
> have collisions been found, but they are so easy to find that
> they have been used successfully to forge x.509 certificates
> from commercial certification authorities; see
> <http://www.win.tue.nl/hashclash/rogue-ca/>.
Beware of confusing two different things; the first part of the quoted
sentence relates to weak collisions, and you are correct that time has
overtaken the text. The second part of the sentence relates to
pre-imaging attacks, and the current (theoretical) pre-imaging
weakness of md5 (from 2009) is 2^123.4 - http://en.wikipedia.org/wiki/MD5
"In April 2009, a preimage attack against MD5 was published
that breaks MD5's preimage resistance. This attack is only
theoretical, with a computational complexity of 2^123.4 for
full preimage and 2^116.9 for a pseudo-preimage.[27]"
Regards,
Alistair
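The two properties Alistair separates above (collision resistance, which MD5 has lost, and preimage resistance, which is only theoretically weakened) and the collision claim the original report objects to can be seen concretely with the published Wang et al. (2004) collision pair, the same pair reproduced in the Wikipedia MD5 article cited above. This is an added Python example, not part of the PR or of the cksum(1) sources; the message bytes and their common digest are the published values, and the helper names (differing_offsets, collides_under_md5, collision_survives_suffix, same_content) are this example's own.

```python
import hashlib
import hmac
from binascii import unhexlify

# Two distinct 128-byte messages with the same MD5 digest, as published by
# Wang et al. (2004) and reproduced in the Wikipedia MD5 article.
_MSG_A_HEX = (
    "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70"
)
_MSG_B_HEX = (
    "d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70"
)
MSG_A = unhexlify(_MSG_A_HEX)
MSG_B = unhexlify(_MSG_B_HEX)

# The published MD5 digest shared by both messages.
PUBLISHED_MD5 = "79054025255fb1a26e4bc422aef54eb4"


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def differing_offsets(a: bytes, b: bytes) -> list:
    """Byte offsets at which two equal-length messages differ.

    For the published pair only six bytes differ, one in each of words
    4, 11 and 14 of the two 64-byte blocks."""
    if len(a) != len(b):
        raise ValueError("messages must have equal length")
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


def collides_under_md5(a: bytes, b: bytes) -> bool:
    """True when a and b are different inputs with the same MD5 digest,
    i.e. a concrete break of the collision-resistance conjecture."""
    return a != b and md5_hex(a) == md5_hex(b)


def collision_survives_suffix(suffix: bytes) -> bool:
    """MD5 is iterated block by block; both messages are exactly two
    blocks and leave the compression state identical, so appending the
    same suffix to each keeps the digests equal.  This is why a single
    published collision is reusable rather than a curiosity."""
    return collides_under_md5(MSG_A + suffix, MSG_B + suffix)


def same_content(a: bytes, b: bytes) -> bool:
    """Defender-side comparison: decide 'same bytes?' via SHA-256, for
    which no collision is known, using a constant-time compare.  An MD5
    comparison answers 'yes' for MSG_A/MSG_B although they differ."""
    return hmac.compare_digest(sha256_hex(a), sha256_hex(b))


if __name__ == "__main__":
    print("differ at offsets:", differing_offsets(MSG_A, MSG_B))
    print("md5(A) =", md5_hex(MSG_A))
    print("md5(B) =", md5_hex(MSG_B))
    print("sha256(A) =", sha256_hex(MSG_A))
    print("sha256(B) =", sha256_hex(MSG_B))
    print("same content under SHA-256?", same_content(MSG_A, MSG_B))
```

Note what the example does not show: there is still no practical way to produce an input with a chosen MD5 digest, which is the preimage property Alistair refers to, so the two halves of the man page sentence really do have different status.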
From: David Holland <dholland-bugs@netbsd.org>
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: bin/44160: outdated claim of cryptographic strength in md5(1)
man page
Date: Sun, 24 Jun 2012 21:00:40 +0000
Not sent to gnats-bugs.
------
From: Julian Fagir <gnrp@komkon2.de>
To: gnats@netbsd.org
Subject: Re: bin/44160: outdated claim of cryptographic strength in md5(1) man
page
Date: Sun, 24 Jun 2012 01:03:02 +0200
What about the following sentence?
While several messages with the same message digests have been found, it is
still considered unfeasible to generate a message with a prespecified message
digest.
Regards, Julian
From: <Paul_Koning@Dell.com>
To: <gnats-bugs@NetBSD.org>
Cc: <gnats-admin@netbsd.org>, <netbsd-bugs@netbsd.org>,
<campbell+netbsd@mumble.net>
Subject: Re: bin/44160: outdated claim of cryptographic strength in md5(1)
man page
Date: Mon, 25 Jun 2012 00:50:57 +0000
I think that statement is accurate so far as it goes. But I do not think it should be used.
The trouble is that it could be read to imply that MD5 is still considered an adequate secure hash, and I believe that is not the case. The attacks found against MD5 are more than sufficient to disqualify it from consideration except in cases where it is required for backward compatibility.
If there were no alternatives, it would be worth doing the detailed analysis to see just exactly what subset of hash function applications have not yet been broken for MD5, but there are better alternatives, so the simple and prudent approach is to drop MD5 outright and not use it for anything.
So I think a better statement would be: "MD5 no longer meets some of the primary requirements of a secure hash function. While in principle there still are some applications where it could be used, a prudent approach to security implies that MD5 should be viewed as obsolete and should not be used for new applications."
paul
> From: Julian Fagir <gnrp@komkon2.de>
> To: gnats@netbsd.org
> Subject: Re: bin/44160: outdated claim of cryptographic strength in md5(1) man
> page
> Date: Sun, 24 Jun 2012 01:03:02 +0200
>
> What about the following sentence?
>
> While several messages with the same message digests have been found, it is
> still considered unfeasible to generate a message with a prespecified message
> digest.
>
> Regards, Julian
>
Responsible-Changed-From-To: bin-bug-people->riastradh
Responsible-Changed-By: riastradh@NetBSD.org
Responsible-Changed-When: Mon, 25 Jun 2012 02:27:36 +0000
Responsible-Changed-Why:
mine
State-Changed-From-To: open->closed
State-Changed-By: riastradh@NetBSD.org
State-Changed-When: Mon, 25 Jun 2012 02:27:36 +0000
State-Changed-Why:
Fixed.
From: "Taylor R Campbell" <riastradh@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/44160 CVS commit: src/usr.bin/cksum
Date: Mon, 25 Jun 2012 02:32:12 +0000
Module Name: src
Committed By: riastradh
Date: Mon Jun 25 02:32:12 UTC 2012
Modified Files:
src/usr.bin/cksum: cksum.1
Log Message:
Omit outdated cryptographic claims as noted in PR 44160.
Interested readers can follow the references or read Wikipedia; this
is the wrong place to explain cryptographic hash functions and give
security advice.
To generate a diff of this commit:
cvs rdiff -u -r1.43 -r1.44 src/usr.bin/cksum/cksum.1
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: closed->pending-pullups
State-Changed-By: dholland@NetBSD.org
State-Changed-When: Mon, 25 Jun 2012 03:15:28 +0000
State-Changed-Why:
pullup-4 #1453
pullup-5 #1778
pullup-6 #374
From: "Julian Coleman" <jdc@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/44160 CVS commit: [netbsd-6] src/usr.bin/cksum
Date: Mon, 2 Jul 2012 21:17:18 +0000
Module Name: src
Committed By: jdc
Date: Mon Jul 2 21:17:18 UTC 2012
Modified Files:
src/usr.bin/cksum [netbsd-6]: cksum.1
Log Message:
Pull up revision 1.44 (requested by dholland in ticket #374).
Omit outdated cryptographic claims as noted in PR 44160.
Interested readers can follow the references or read Wikipedia; this
is the wrong place to explain cryptographic hash functions and give
security advice.
To generate a diff of this commit:
cvs rdiff -u -r1.43 -r1.43.8.1 src/usr.bin/cksum/cksum.1
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: "Manuel Bouyer" <bouyer@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/44160 CVS commit: [netbsd-4-0] src/usr.bin/cksum
Date: Wed, 22 Aug 2012 19:49:30 +0000
Module Name: src
Committed By: bouyer
Date: Wed Aug 22 19:49:30 UTC 2012
Modified Files:
src/usr.bin/cksum [netbsd-4-0]: cksum.1
Log Message:
Pull up following revision(s) (requested by dholland in ticket #1453):
usr.bin/cksum/cksum.1: revision 1.44 via patch
Omit outdated cryptographic claims as noted in PR 44160.
Interested readers can follow the references or read Wikipedia; this
is the wrong place to explain cryptographic hash functions and give
security advice.
To generate a diff of this commit:
cvs rdiff -u -r1.40 -r1.40.12.1 src/usr.bin/cksum/cksum.1
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: "Manuel Bouyer" <bouyer@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/44160 CVS commit: [netbsd-4] src/usr.bin/cksum
Date: Wed, 22 Aug 2012 19:49:40 +0000
Module Name: src
Committed By: bouyer
Date: Wed Aug 22 19:49:40 UTC 2012
Modified Files:
src/usr.bin/cksum [netbsd-4]: cksum.1
Log Message:
Pull up following revision(s) (requested by dholland in ticket #1453):
usr.bin/cksum/cksum.1: revision 1.44 via patch
Omit outdated cryptographic claims as noted in PR 44160.
Interested readers can follow the references or read Wikipedia; this
is the wrong place to explain cryptographic hash functions and give
security advice.
To generate a diff of this commit:
cvs rdiff -u -r1.40 -r1.40.2.1 src/usr.bin/cksum/cksum.1
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: "Manuel Bouyer" <bouyer@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/44160 CVS commit: [netbsd-5-0] src/usr.bin/cksum
Date: Wed, 22 Aug 2012 20:36:25 +0000
Module Name: src
Committed By: bouyer
Date: Wed Aug 22 20:36:25 UTC 2012
Modified Files:
src/usr.bin/cksum [netbsd-5-0]: cksum.1
Log Message:
Pull up following revision(s) (requested by dholland in ticket #1778):
usr.bin/cksum/cksum.1: revision 1.44 via patch
Omit outdated cryptographic claims as noted in PR 44160.
Interested readers can follow the references or read Wikipedia; this
is the wrong place to explain cryptographic hash functions and give
security advice.
To generate a diff of this commit:
cvs rdiff -u -r1.40 -r1.40.26.1 src/usr.bin/cksum/cksum.1
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: "Manuel Bouyer" <bouyer@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/44160 CVS commit: [netbsd-5-1] src/usr.bin/cksum
Date: Wed, 22 Aug 2012 20:36:28 +0000
Module Name: src
Committed By: bouyer
Date: Wed Aug 22 20:36:28 UTC 2012
Modified Files:
src/usr.bin/cksum [netbsd-5-1]: cksum.1
Log Message:
Pull up following revision(s) (requested by dholland in ticket #1778):
usr.bin/cksum/cksum.1: revision 1.44 via patch
Omit outdated cryptographic claims as noted in PR 44160.
Interested readers can follow the references or read Wikipedia; this
is the wrong place to explain cryptographic hash functions and give
security advice.
To generate a diff of this commit:
cvs rdiff -u -r1.40 -r1.40.30.1 src/usr.bin/cksum/cksum.1
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: "Manuel Bouyer" <bouyer@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/44160 CVS commit: [netbsd-5] src/usr.bin/cksum
Date: Wed, 22 Aug 2012 20:36:40 +0000
Module Name: src
Committed By: bouyer
Date: Wed Aug 22 20:36:40 UTC 2012
Modified Files:
src/usr.bin/cksum [netbsd-5]: cksum.1
Log Message:
Pull up following revision(s) (requested by dholland in ticket #1778):
usr.bin/cksum/cksum.1: revision 1.44 via patch
Omit outdated cryptographic claims as noted in PR 44160.
Interested readers can follow the references or read Wikipedia; this
is the wrong place to explain cryptographic hash functions and give
security advice.
To generate a diff of this commit:
cvs rdiff -u -r1.40 -r1.40.24.1 src/usr.bin/cksum/cksum.1
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: pending-pullups->closed
State-Changed-By: dholland@NetBSD.org
State-Changed-When: Wed, 22 Aug 2012 21:14:30 +0000
State-Changed-Why:
Pulled up to all branches.
>Unformatted: