On 2019-05-21 19:03, Rodney W. Grimes wrote: >> Author: allanjude >> Date: Tue May 21 22:17:00 2019 >> New Revision: 348073 >> URL: https://svnweb.freebsd.org/changeset/base/348073 >> >> Log: >> Add admonitions against using MD5 and SHA1 to the API man pages >> >> Modified: >> head/lib/libmd/mdX.3 >> head/lib/libmd/sha.3 >> >> Modified: head/lib/libmd/mdX.3 >> ============================================================================== >> --- head/lib/libmd/mdX.3 Tue May 21 22:11:53 2019 (r348072) >> +++ head/lib/libmd/mdX.3 Tue May 21 22:17:00 2019 (r348073) 
>> @@ -208,6 +208,8 @@ This code is derived directly from these implementatio >> .Pp >> Phk ristede runen. >> .Sh BUGS >> -No method is known to exist which finds two files having the same hash >> value, >> -nor to find a file with a specific hash value. >> -There is on the other hand no guarantee that such a method does not exist. >> +The >> +.Tn MD5 > > There needs to be a discussion about .Tn, some people are ripping > them out of man pages, others are adding them. mandoc is a semantic > mark up language, .Tn gives the following word the semantic of being > a Tradename. > > Yes, I know, mandoc ignores them BUT other tools do not, mandoc is > not the end all in what can process our man pages, groff/troff should > still be able to produce photo typesetter output and the .Tn's look > nice when you do that. > > I would like to see that we stop removing them and in fact, as this > man page does, properly recognize trademarks/names in our man pages > "as is often required by law." > > Now, one final nit, I can neither verify nor deny that "MD5" is > a tradename. > >> +algorithm has been proven to be vulnerable to practical collision >> +attacks and should not be relied upon to produce unique outputs, >> +.Em nor should they be used as part of a cryptographic signature scheme. >> >> Modified: head/lib/libmd/sha.3 >> ============================================================================== >> --- head/lib/libmd/sha.3 Tue May 21 22:11:53 2019 (r348072) >> +++ head/lib/libmd/sha.3 Tue May 21 22:17:00 2019 (r348073) 
>> @@ -191,9 +191,11 @@ published >> .Tn FIPS >> standards. >> .Sh BUGS >> -No method is known to exist which finds two files having the same hash >> value, >> -nor to find a file with a specific hash value. >> -There is on the other hand no guarantee that such a method does not exist. >> +The >> +.Tn SHA1 >> +algorithm has been proven to be vulnerable to practical collision >> +attacks and should not be relied upon to produce unique outputs, >> +.Em nor should they be used as part of a cryptographic signature scheme. >> .Pp >> The >> .Tn IA32 >> >> >
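Review bot: in the mdX.3 BUGS hunk, the added ".Em nor should they be used ..." line uses "they" although the subject of the sentence is the singular "The MD5 algorithm"; "nor should it be used as part of a cryptographic signature scheme" would parse correctly. The sentence also tells the reader what not to do without saying what to use instead, so a short pointer to a stronger hash would make the admonition actionable.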
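Review bot: in the sha.3 BUGS hunk, the three removed lines covered two separate properties ("two files having the same hash value" and "a file with a specific hash value"), but the replacement text only addresses collision attacks. Consider adding a sentence that says what is and is not claimed about finding an input for a given hash value, so readers do not have to infer it from the silence. The last added line also reads "nor should they be used" after the singular subject "The SHA1 algorithm"; "it" is the matching pronoun.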
I borrowed the message (with .Tn markup) from the md5(1) man page, and just added it to the library reference man pages since they said 'No method is known to exist which finds two files having the same hash value' which has not been true in a while. I did not spend any effort deciding which markup to use there, as I don't think MD5 or SHA1 are tradenames, just acronyms. -- Allan Jude