Mention collision attacks on MD5. From the md5(3) man page.

PR: docs/14158 Reviewed by: kris Submitted by: Eric Frias <efrias@sg505.net>
svn path=/head/; revision=82912
2024-12-04 09:09:56 +00:00 · 2001-09-04 01:01:07 +00:00 · 2001-09-04 01:01:07 +00:00 · cc2a5b08a7 · 2020-12-20 02:59:44 +00:00
commit cc2a5b08a7
parent c271258542
1 changed files with 6 additions and 0 deletions
--- a/sbin/md5/md5.1
+++ b/sbin/md5/md5.1
@ -28,6 +28,12 @@ in a secure manner before being encrypted with a private
 key under a public-key cryptosystem such as
 .Em RSA .
 .Pp
+MD5 has not yet (2001-09-03) been broken, but sufficient attacks have been
+made that its security is in some doubt.  The attacks on MD5
+are in the nature of finding ``collisions'' \- that is, multiple
+inputs which hash to the same value; it is still unlikely for an attacker
+to be able to determine the exact original input given a hash value.
+.Pp
 The following options may be used in any combination and must
 precede any files named on the command line.  The MD5
 sum of each file listed on the command line is printed after the options