From 11fe28a14abeb56e8392a16d083c940ea2c8a387 Mon Sep 17 00:00:00 2001 From: wollman Date: Thu, 11 Feb 1999 20:31:49 +0000 Subject: Add a note about the insecurity of MD4 and potential vulnerability of MD5 to similar attacks. --- lib/libmd/mdX.3 | 28 ++++++++++++++++++++++++---- 1 file changed, 24 insertions(+), 4 deletions(-) (limited to 'lib/libmd') diff --git a/lib/libmd/mdX.3 b/lib/libmd/mdX.3 index 21e4d45..b4ddba9 100644 --- a/lib/libmd/mdX.3 +++ b/lib/libmd/mdX.3 @@ -6,9 +6,9 @@ .\" this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp .\" ---------------------------------------------------------------------------- .\" -.\" $Id: mdX.3,v 1.12 1998/03/19 07:34:12 charnier Exp $ +.\" $Id: mdX.3,v 1.13 1998/03/27 10:22:07 phk Exp $ .\" -.Dd October 9, 1996 +.Dd February 11, 1999 .Dt MDX 3 .Os FreeBSD 2 .Sh NAME @@ -47,8 +47,13 @@ input. .Pp MD2 is the slowest, MD4 is the fastest and MD5 is somewhere in the middle. MD2 can only be used for Privacy-Enhanced Mail. -MD4 has been criticized for being too weak, so MD5 was developed in -response as ``MD4 with safety-belts''. When in doubt, use MD5. +MD4 has now been broken; it should only be used where necessary for +backward compatibility. +MD5 has not yet (1999-02-11) been broken, but sufficient attacks have been +made that its security is in some doubt. The attacks on both MD4 and MD5 +are both in the nature of finding ``collisions'' \- that is, multiple +inputs which hash to the same value; it is still unlikely for an attacker +to be able to determine the exact original input given a hash value. .Pp The .Fn MDXInit , 
@@ -124,6 +129,21 @@ argument is non-null it must point to at least 33 characters of buffer space. .Rs .%A RSA Laboratories .%T Frequently Asked Questions About today's Cryptography +.%O \& +.Re +.Rs +.%A H. Dobbertin +.%T Alf Swindles Ann +.%J CryptoBytes +.%N 1(3):5 +.%D 1995 +.Re +.Rs +.%A MJ. B. Robshaw +.%T On Recent Results for MD2, MD4 and MD5 +.%J RSA Laboratories Bulletin +.%N 4 +.%D November 12, 1996 .Re .Sh AUTHORS The original MDX routines were developed by -- cgit v1.1
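Review bot: In the first hunk (@@ -6,9 +6,9 @@), the `$Id$` keyword line is edited by hand to `v 1.13 1998/03/27`, but the commit date and the new `.Dd February 11, 1999` say this change is from 1999, so the expanded keyword now carries a stale date and revision. CVS expands `$Id$` itself on checkin; drop the manual edit of that line and let the keyword be regenerated, so the revision string stays consistent with the actual history.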
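Review bot: In the second hunk (@@ -47,8 +47,13 @@), the added text on the MD4/MD5 attacks has a duplicated "both" ("The attacks on both MD4 and MD5 are both in the nature of") and describes the two properties without naming them, which is the distinction a reader of this page needs: the collision attacks break collision resistance (two inputs with the same digest), while the last sentence is about preimage resistance (recovering an input from a digest). Suggest rewording along the lines of "The attacks on both MD4 and MD5 are collision attacks \- that is, they find multiple inputs which hash to the same value; no practical attack is known that recovers the original input from a hash value." and adding that a collision attack is already enough to defeat uses where two parties may each choose an input to be hashed, such as digital signatures. The hunk also removes the old "When in doubt, use MD5" recommendation without replacing it; a one-line statement of what callers should prefer for new designs, where the library offers an alternative, would keep the page actionable. Finally, the literal date "(1999-02-11)" in the body duplicates `.Dd` and will go stale in the rendered page; consider referring to the manual page date instead.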
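Review bot: In the third hunk (@@ -124,6 +129,21 @@), the new `.%O \&` line adds an "other information" field containing only a non-printing escape; if this is a workaround for how `.Rs`/`.Re` renders the preceding entry, it deserves a `.\"` comment, otherwise it should be dropped. In the Dobbertin entry, `.%N 1(3):5` packs volume, issue and page into the issue-number macro; mdoc has `.%V` for the volume and `.%P` for pages, so `.%V 1` / `.%N 3` / `.%P 5` renders more predictably. The author line `.%A MJ. B. Robshaw` looks like a typo for `M. J. B. Robshaw`.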