ping ...
发件人: Stuart Henderson
发送时间: 2021年6月15日 4:05
收件人: wen heping
抄送: ports@openbsd.org
主题: Re: security/p5-MD5: depreciated and should be removed
On 2021/06/14 09:57, wen heping wrote:
> Hi, ports@:
>
> The version of security/p5-MD5 i
On 2021/06/14 09:57, wen heping wrote:
> Hi, ports@:
>
> The version of security/p5-MD5 in OpenBSD portstree is released 25 years
> ago, upstream defined it depreciated and suggest use Digest::MD5 instead.
> No other ports depend on it.
>
> Shall we remove
Hi, ports@:
The version of security/p5-MD5 in OpenBSD portstree is released 25 years
ago, upstream defined it depreciated and suggest use Digest::MD5 instead.
No other ports depend on it.
Shall we remove this port ?
wen
Hi, ports@:
I suggest remove security/p5-MD5 from portstree.
It is a fork from Digest::MD5 which is in corelist, it
has no upstream update for about 20 years. With my previous
patch to update security/p5-Authen-Radius, there is no other
ports depends on p5-MD5.
Cheers !
wen
On Sun, Jul 08, 2012 at 09:36:33PM +, Christian Weisgerber wrote:
Christian Weisgerber na...@mips.inka.de wrote:
It's time to drop MD5 from the distinfo checksums. MD5 cannot
guarantee the integrity of a distfile. It is broken, people are
finding collisions and have used
Christian Weisgerber na...@mips.inka.de wrote:
It's time to drop MD5 from the distinfo checksums. MD5 cannot
guarantee the integrity of a distfile. It is broken, people are
finding collisions and have used this for practical attacks.
Espie has previously suggested that having several
It's time to drop MD5 from the distinfo checksums. MD5 cannot
guarantee the integrity of a distfile. It is broken, people are
finding collisions and have used this for practical attacks.
Espie has previously suggested that having several different hash
functions might improve overall security
Hi,
The mhash library in ports seems to be returning all zeros for the
md4/md5 hashes for some unexplained reason. All of the other hashes
seem to be working ok. The problem can be illustrated using the
php5-mhash extension with the code attached. I've tested this script
with 4.5 and current
Hi!
On Thu, Feb 05, 2009 at 05:31:06PM -0500, Brad wrote:
On Thursday 05 February 2009 17:18:43 Marc Balmer wrote:
shouldn't we abandon md5 in favor of e.g. sha256?
SHA256 has been the default for 2 years now.
For ports, yes. For packages, more recently, IIRC. For the MD5 file
in the base
Hannah Schroeter han...@schlund.de wrote:
However, I don't see it as *so very* critical. The practical attacks
against MD5 are birthday attacks, not preimages for a given hash.
At least not yet.
Actually, if you can overwrite or append a chunk of data, you can
create an MD5 collision
On Thu, Feb 12, 2009 at 04:05:14PM +0100, Hannah Schroeter wrote:
Hi!
On Thu, Feb 05, 2009 at 05:31:06PM -0500, Brad wrote:
On Thursday 05 February 2009 17:18:43 Marc Balmer wrote:
shouldn't we abandon md5 in favor of e.g. sha256?
SHA256 has been the default for 2 years now.
For ports
Hi, Marc!
On Thu, Feb 12, 2009 at 05:44:17PM +0100, Marc Espie wrote:
On Thu, Feb 12, 2009 at 04:05:14PM +0100, Hannah Schroeter wrote:
On Thu, Feb 05, 2009 at 05:31:06PM -0500, Brad wrote:
On Thursday 05 February 2009 17:18:43 Marc Balmer wrote:
shouldn't we abandon md5 in favor of e.g
Hi!
On Thu, Feb 12, 2009 at 03:59:20PM +, Christian Weisgerber wrote:
Hannah Schroeter han...@schlund.de wrote:
However, I don't see it as *so very* critical. The practical attacks
against MD5 are birthday attacks, not preimages for a given hash.
At least not yet.
Actually, if you can
Well, there's no real need to philosophize about md5.
It's quite obvious it is broken as a secure hash.
There are some limited attacks, for now, but it's getting worse
and worse. There are less and less constraints on what you can do,
and you really want to abandon that ship.
Remember the old
Christian Weisgerber wrote:
Hannah Schroeter han...@schlund.de wrote:
Would it be too difficult to change the md5 invocation in the release
target in /usr/src/etc into sha1 or sha256 (i.e. cksum -a sha256), or
just to *add* them there?
Should be trivial, but that's not my decision
shouldn't we abandon md5 in favor of e.g. sha256?
On Thursday 05 February 2009 17:18:43 Marc Balmer wrote:
shouldn't we abandon md5 in favor of e.g. sha256?
SHA256 has been the default for 2 years now.
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
===
RCS file: /cvs/ports/security/p5-MD5/Makefile,v
retrieving revision 1.10
diff -u -r1.10 Makefile
--- Makefile 15 Sep 2007 23:30:00 - 1.10
+++ Makefile 1 Dec 2007 17:50:04 -
@@ -5,10 +5,11 @@
COMMENT= interface to md5 message-digest
[4.2-STABLE] UPD: security_p5-MD5-2.03
For those running -STABLE and complaining about a lack of updates on
ports-STABLE, here is your chance to do something... namely TEST these
patches and post your results. You can be reasonably certain these
patches will not be committed without testing, so
On Sun, Nov 25, 2007 at 11:31:59PM -0800, J.C. Roberts wrote:
This is the supported way to do MD5 in perl. It is required by the
update to our security/p5-MD5 port that I just posted.
Tested on -STABLE 4.2 i386
Please Test and Commit
Digest::MD5 comes already with our base perl
This is the supported way to do MD5 in perl. It is required by the
update to our security/p5-MD5 port that I just posted.
Tested on -STABLE 4.2 i386
Please Test and Commit
Kind Regards,
JCR
ports_security_p5-Digest-MD5--2.36.tar.gz
Description: application/tgz
The MD5.pm module we've been using has been depreciated for two years
(since Nov 2005).
The attached MD5.pm replacement is really a wrapper for the supported
Digest::MD5 module, which I've also ported.
Tested: -STABLE 4.2 i386
Please Test and Commit.
Kind Regards,
JCR
ports_security_p5
Hi,
There is a md5 mismatch between the files from :
ftp://ftp.openbsd.org/pub/OpenBSD/distfiles/actionpack-1.12.5.gem
MD5 (actionpack-1.12.5.gem) = d0bf5c15b7f530e0dbd28191bb4a54fc
http://rubyforge.org/frs/download.php/12313/actionpack-1.12.5.gem
MD5 (actionpack-1.12.5.gem
23 matches
Mail list logo
