[PATCH] libmd: Use alternative MD5 implementation
Ralf Corsepius
ralf.corsepius at rtems.org
Mon Dec 17 04:53:26 UTC 2012
On 12/17/2012 05:20 AM, Cynthia Rempel wrote:
> Hi Sebastian and Ralf,
>
> I don't really have an opinion,
I do ... and hope not having to be more explicit about my opinion on
Sebastian's proposal.
> but for what it's worth md5 isn't considered secure...
> http://en.wikipedia.org/wiki/MD5#Security
> http://www.openssl.org/docs/crypto/md5.html
Known - md5 is crackable.
The version currently in RTEMS is a variant of the original RSA
implementation RTEMS has inherited through FreeBSD, i.e. it is the
original implementation, has long historic record, has an alive upstream
and is likely to receive fixes through it and not hardly used cheap
imitation/clone.
FWIW: If you dig the net a bit more you can find several other such
clones (and worse: shaX clones). In Fedora are trying hard to get rid of
these or at least to track them to avoid bugs inside of this zoo to
render the OS vulnerable (E.g. buffer overflows).
Ralf
More information about the devel
mailing list