[PATCH] libmd: Use alternative MD5 implementation

Ralf Corsepius ralf.corsepius at rtems.org
Mon Dec 17 04:53:26 UTC 2012


On 12/17/2012 05:20 AM, Cynthia Rempel wrote:
> Hi Sebastian and Ralf,
>
> I don't really have an opinion,
I do ... and hope not having to be more explicit about my opinion on 
Sebastian's proposal.

>   but for what it's worth md5 isn't considered secure...
> http://en.wikipedia.org/wiki/MD5#Security
> http://www.openssl.org/docs/crypto/md5.html
Known - md5 is crackable.

The version currently in RTEMS is a  variant of the original RSA 
implementation RTEMS has inherited through FreeBSD, i.e. it is the 
original implementation, has long historic record, has an alive upstream 
and is likely to receive fixes through it and not hardly used cheap 
imitation/clone.

FWIW: If you dig the net a bit more you can find several other such 
clones (and worse: shaX clones). In Fedora are trying hard to get rid of 
these or at least to track them to avoid bugs inside of this zoo to 
render the OS vulnerable (E.g. buffer overflows).

Ralf




More information about the devel mailing list