From jamie@dyslexicfish.net  Sat Mar 29 10:08:28 2014
Return-Path: <jamie@dyslexicfish.net>
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
	(using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by hub.freebsd.org (Postfix) with ESMTPS id 223F8ABC
	for <FreeBSD-gnats-submit@freebsd.org>; Sat, 29 Mar 2014 10:08:28 +0000 (UTC)
Received: from pacha.mail.dyslexicfish.net (space.mail.dyslexicfish.net [91.109.5.35])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client did not present a certificate)
	by mx1.freebsd.org (Postfix) with ESMTPS id 9B44CE50
	for <FreeBSD-gnats-submit@freebsd.org>; Sat, 29 Mar 2014 10:08:22 +0000 (UTC)
Received: from catnip.dyslexicfish.net (space.mail.dyslexicfish.net [91.109.5.35])
	by pacha.mail.dyslexicfish.net (8.14.5/8.14.5) with ESMTP id s2T9pSgg028623
	for <FreeBSD-gnats-submit@freebsd.org>; Sat, 29 Mar 2014 09:51:29 GMT
	(envelope-from jamie@catnip.dyslexicfish.net)
Received: (from jamie@localhost)
	by catnip.dyslexicfish.net (8.14.5/8.14.5/Submit) id s2T9pS9u028622;
	Sat, 29 Mar 2014 09:51:28 GMT
	(envelope-from jamie)
Message-Id: <201403290951.s2T9pS9u028622@catnip.dyslexicfish.net>
Date: Sat, 29 Mar 2014 09:51:28 GMT
From: Jamie Landeg-Jones <jamie@dyslexicfish.net>
Reply-To: Jamie Landeg-Jones <jamie@dyslexicfish.net>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: man page for md5/sha1/sha256/sha412/rmd-160 cleanup
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         188043
>Category:       docs
>Synopsis:       [patch] man page for md5/sha1/sha256/sha412/rmd-160 cleanup
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    bjk
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          doc-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Mar 29 10:10:00 UTC 2014
>Closed-Date:    
>Last-Modified:  Sun May 18 21:20:02 UTC 2014
>Originator:     Jamie Landeg-Jones
>Release:        FreeBSD 10.0-STABLE amd64
>Organization:
Dyslexic Fish
>Environment:
System: FreeBSD catnip.dyslexicfish.net 10.0-STABLE FreeBSD 10.0-STABLE #0: Wed Jan 22 09:10:20 GMT 2014 root@catflap.dyslexicfish.net:/usr/obj/usr/src/sys/CATFLAP amd64


	
>Description:

man page shows for -c option: "Compare files to this md5 string."

This is misleading - the string needs to be in the same format as the digest command being used.

I suggest something like:

"Compare the files message digest to this string."

Also, suggest updating the date relating to known exploits.

>How-To-Repeat:

man sha1
man sha256
man sha512
man rmd-160
>Fix:

Apply attached patch suggestion

	

--- patch-md5.1 begins here ---
--- md5.1.orig	2014-02-17 01:41:53.000000000 +0000
+++ md5.1	2014-03-29 09:35:16.000000000 +0000
@@ -63,12 +63,12 @@
 This also means that
 .Tn MD5
 should not be used as part of a cryptographic signature scheme.
-At the current time (2009-01-06) there is no publicly known method to
+At the current time (2014-03-28) there is no publicly known method to
 .Dq reverse
 MD5, i.e., to find an input given a hash value.
 .Pp
 .Tn SHA-1
-currently (2009-01-06) has no known collisions, but an attack has been
+currently (2014-03-28) has no known collisions, but an attack has been
 found which is faster than a brute-force search, placing the security of
 .Tn SHA-1
 in doubt.
@@ -83,7 +83,7 @@
 after the options are processed.
 .Bl -tag -width indent
 .It Fl c Ar string
-Compare files to this md5 string.
+Compare the files message digest to this string.
 (Note that this option is not yet useful if multiple files are specified.)
 .It Fl s Ar string
 Print a checksum of the given
--- patch-md5.1 ends here ---


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-doc->bjk 
Responsible-Changed-By: bjk 
Responsible-Changed-When: Sat May 17 04:13:58 UTC 2014 
Responsible-Changed-Why:  
take 

http://www.freebsd.org/cgi/query-pr.cgi?pr=188043 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: docs/188043: commit references a PR
Date: Sun, 18 May 2014 21:17:03 +0000 (UTC)

 Author: bjk (doc committer)
 Date: Sun May 18 21:16:59 2014
 New Revision: 266417
 URL: http://svnweb.freebsd.org/changeset/base/266417
 
 Log:
   Assorted updates to md5.1
   
   Note that the -c argument's parameter is compared against the digest of
   the file, not the file. [1]
   
   Update the "current time" parentheticals for notes about reversing
   and colliding the hash functions. [1]
   
   Some general mdoc updates.
   
   PR:		docs/188043 [1]
   Submitted by:	Jamie Landeg-Jones [1]
   Approved by:	hrs (mentor)
   MFC after:	1 week
 
 Modified:
   head/sbin/md5/md5.1
 
 Modified: head/sbin/md5/md5.1
 ==============================================================================
 --- head/sbin/md5/md5.1	Sun May 18 21:05:54 2014	(r266416)
 +++ head/sbin/md5/md5.1	Sun May 18 21:16:59 2014	(r266417)
 @@ -1,5 +1,5 @@
  .\" $FreeBSD$
 -.Dd July 31, 2012
 +.Dd May 17, 2014
  .Dt MD5 1
  .Os
  .Sh NAME
 @@ -63,12 +63,12 @@ concerned, and should not be relied upon
  This also means that
  .Tn MD5
  should not be used as part of a cryptographic signature scheme.
 -At the current time (2009-01-06) there is no publicly known method to
 +At the current time (2014-05-17) there is no publicly known method to
  .Dq reverse
  MD5, i.e., to find an input given a hash value.
  .Pp
  .Tn SHA-1
 -currently (2009-01-06) has no known collisions, but an attack has been
 +currently (2014-05-17) has no known collisions, but an attack has been
  found which is faster than a brute-force search, placing the security of
  .Tn SHA-1
  in doubt.
 @@ -83,15 +83,15 @@ The hexadecimal checksum of each file li
  after the options are processed.
  .Bl -tag -width indent
  .It Fl c Ar string
 -Compare files to this md5 string.
 -(Note that this option is not yet useful if multiple files are specified.)
 +Compare the digest of the file against this string.
 +.Pq Note that this option is not yet useful if multiple files are specified.
  .It Fl s Ar string
  Print a checksum of the given
  .Ar string .
  .It Fl p
  Echo stdin to stdout and append the checksum to stdout.
  .It Fl q
 -Quiet mode - only the checksum is printed out.
 +Quiet mode \(em only the checksum is printed out.
  Overrides the
  .Fl r
  option.
 @@ -114,7 +114,9 @@ and
  .Nm rmd160
  utilities exit 0 on success,
  1 if at least one of the input files could not be read,
 -and 2 if at least one file does not have the same hash as the -c option.
 +and 2 if at least one file does not have the same hash as the
 +.Fl c
 +option.
  .Sh SEE ALSO
  .Xr cksum 1 ,
  .Xr md5 3 ,
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
>Unformatted:
