From nobody@FreeBSD.org  Tue Jan  6 17:14:23 2009
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id B68D11065675
	for <freebsd-gnats-submit@FreeBSD.org>; Tue,  6 Jan 2009 17:14:23 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id A4AB88FC1B
	for <freebsd-gnats-submit@FreeBSD.org>; Tue,  6 Jan 2009 17:14:23 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.3/8.14.3) with ESMTP id n06HEN1F099624
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 6 Jan 2009 17:14:23 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.3/8.14.3/Submit) id n06HENnP099623;
	Tue, 6 Jan 2009 17:14:23 GMT
	(envelope-from nobody)
Message-Id: <200901061714.n06HENnP099623@www.freebsd.org>
Date: Tue, 6 Jan 2009 17:14:23 GMT
From: "O. Hartmann" <ohartman@zedat.fu-berlin.de>
To: freebsd-gnats-submit@FreeBSD.org
Subject: md5(1); md5 is reported to be compromised, but manpage reports others!
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         130239
>Category:       docs
>Synopsis:       md5(1); md5 is reported to be compromised, but manpage reports others!
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    cperciva
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jan 06 17:20:03 UTC 2009
>Closed-Date:    Tue Aug 02 03:48:27 UTC 2011
>Last-Modified:  Tue Aug 02 03:48:27 UTC 2011
>Originator:     O. Hartmann
>Release:        FreeBSD 8-CUR/AMD64
>Organization:
FU Berlin
>Environment:
>Description:
MD5(1) hash algorithm is reported to be compromised. This fact known in theory since 2004 has been undergone aproval on the 25th Annual Chaos Communication Congress in Berlin, Germany. MD5 is now considered harmful!

Manpage of md5(1) should have a note on that, the line "... MD5 has not yet (2007-03-05) been broken..." should be corrected.

>How-To-Repeat:

>Fix:


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-doc->remko 
Responsible-Changed-By: remko 
Responsible-Changed-When: Tue Jan 6 19:02:05 UTC 2009 
Responsible-Changed-Why:  
I'll take it. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=130239 
Responsible-Changed-From-To: remko->cperciva 
Responsible-Changed-By: remko 
Responsible-Changed-When: Tue Jan 6 20:51:24 UTC 2009 
Responsible-Changed-Why:  
Colin committed a fix for this, make this his MFC reminder! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=130239 
State-Changed-From-To: open->patched 
State-Changed-By: gavin 
State-Changed-When: Wed Aug 12 15:08:46 UTC 2009 
State-Changed-Why:  
Fixed in HEAD (SVN r186836), doesn't seem to have been MFC'd yet. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=130239 
State-Changed-From-To: patched->closed 
State-Changed-By: eadler 
State-Changed-When: Tue Aug 2 03:48:26 UTC 2011 
State-Changed-Why:  
Committed and MFCed. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=130239 
>Unformatted:
