From 109ba4441b9c00c127c7d37c0bc0ef3e18c63159 Mon Sep 17 00:00:00 2001 From: =?utf8?q?P=C3=A1draig=20Brady?=
Date: Tue, 28 Feb 2017 20:14:58 -0800 Subject: [PATCH] doc: indicate sha1 has the same limitations as md5 * doc/coreutils.texi (sha1sum invocation): Given that a SHA-1 preimage attack has occurred as documented at http://shattered.io/, document sha1sum as having the same limitations as md5sum. (md5sum): Parameterize the warning for use in both cases. * man/md5sum.x: Mention b2sum(1) as a more secure alternative. * man/sha1sum.x: Give the same warning as done for md5sum(1). --- doc/coreutils.texi | 18 ++++++++---------- man/md5sum.x | 3 ++- man/sha1sum.x | 5 +++++ 3 files changed, 15 insertions(+), 11 deletions(-) diff --git a/doc/coreutils.texi b/doc/coreutils.texi index f9ab490411..3a8517cf5b 100644 --- a/doc/coreutils.texi +++ b/doc/coreutils.texi 
@@ -3818,16 +3818,19 @@ as the length is automatically determined when checking. @command{md5sum} computes a 128-bit checksum (or @dfn{fingerprint} or @dfn{message-digest}) for each specified @var{file}. -Note: The MD5 digest is more reliable than a simple CRC (provided by +@macro weakHash{hash} +Note: The \hash\ digest is more reliable than a simple CRC (provided by the @command{cksum} command) for detecting accidental file corruption, -as the chances of accidentally having two files with identical MD5 +as the chances of accidentally having two files with identical \hash\ are vanishingly small. However, it should not be considered secure -against malicious tampering: although finding a file with a given MD5 +against malicious tampering: although finding a file with a given \hash\ fingerprint is considered infeasible at the moment, it is known how to modify certain files, including digital certificates, so that they -appear valid when signed with an MD5 digest. For more secure hashes, +appear valid when signed with an \hash\ digest. For more secure hashes, consider using SHA-2, or the newer @command{b2sum} command. @xref{sha2 utilities}. @xref{b2sum invocation}. +@end macro +@weakHash{MD5} If a @var{file} is specified as @samp{-} or if no files are given @command{md5sum} computes the checksum for the standard input. @@ -3979,12 +3982,7 @@ exit nonzero after all warnings have been issued. @var{file}. The usage and options of this command are precisely the same as for @command{md5sum}. @xref{md5sum invocation}. -Note: The SHA-1 digest is more secure than MD5, and no collisions of -it are known (different files having the same fingerprint). However, -it is known that they can be produced with considerable, but not -unreasonable, resources. For this reason, it is generally considered -that SHA-1 should be gradually phased out in favor of the more secure -SHA-2 hash algorithms. @xref{sha2 utilities}. +@weakHash{SHA-1} @node sha2 utilities 
diff --git a/man/md5sum.x b/man/md5sum.x index 93f93e272a..4d04e228ae 100644 --- a/man/md5sum.x +++ b/man/md5sum.x @@ -5,4 +5,5 @@ md5sum \- compute and check MD5 message digest [BUGS] The MD5 algorithm should not be used any more for security related purposes. Instead, better use an SHA\-2 algorithm, implemented in the programs -sha224sum(1), sha256sum(1), sha384sum(1), sha512sum(1) +sha224sum(1), sha256sum(1), sha384sum(1), sha512sum(1), +or the BLAKE2 algorithm, implemented in b2sum(1) diff --git a/man/sha1sum.x b/man/sha1sum.x index 52bb84172e..28098d86b6 100644 --- a/man/sha1sum.x +++ b/man/sha1sum.x @@ -2,3 +2,8 @@ sha1sum \- compute and check SHA1 message digest [DESCRIPTION] .\" Add any additional description here +[BUGS] +The SHA-1 algorithm should not be used any more for security related purposes. +Instead, better use an SHA\-2 algorithm, implemented in the programs +sha224sum(1), sha256sum(1), sha384sum(1), sha512sum(1), +or the BLAKE2 algorithm, implemented in b2sum(1) -- 2.47.2
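Review bot: In the first doc/coreutils.texi hunk (the new weakHash macro), the clause "it is known how to modify certain files, including digital certificates, so that they appear valid when signed with an \hash\ digest" was written for MD5 and is now emitted unchanged for SHA-1 through @weakHash{SHA-1}. Please confirm the certificate claim holds for SHA-1 as worded, or pass that clause as a second macro argument so each command carries text that matches what has been shown for its algorithm. The macro is also defined inside the md5sum section and used later under sha1sum, so a short @c comment at the definition noting the second use would help anyone who reorders these nodes.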
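Review bot: In the second doc/coreutils.texi hunk (sha1sum, at -3979), the removed paragraph was the only place that explained a collision ("different files having the same fingerprint"), and the @weakHash{SHA-1} text that replaces it never mentions collisions at all. The macro still says that finding a file with a given fingerprint "is considered infeasible at the moment", which is a statement that preimages remain hard, while the commit log calls the shattered.io result a preimage attack, so the log and the documentation disagree. Suggest adding one sentence to the macro saying that distinct files with the same \hash\ digest have been produced deliberately, and describing the result as a collision in the log.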
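Review bot: In the man/md5sum.x hunk, the [BUGS] paragraph now ends at "or the BLAKE2 algorithm, implemented in b2sum(1)" with no closing period, so the rendered man page finishes mid-sentence. Add the period on the new last line. With five programs now listed across two algorithms, the sentence would also read more clearly split in two, one for the SHA-2 programs and one for b2sum(1).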
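Review bot: In the man/sha1sum.x hunk, the first added sentence writes "SHA-1" with a bare hyphen while the next line writes "SHA\-2" with the escaped form, and the NAME line in the context spells the algorithm "SHA1". Pick one spelling and one escaping style within the file. The paragraph also lacks a closing period after "b2sum(1)", and apart from the algorithm name it duplicates the [BUGS] text in man/md5sum.x, so the two copies will need to be kept in step by hand on any future edit; a comment in each file pointing at the other would help.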