Commit 1a8d0b68a1f6a42c57261e76a8fccb9404fc305f
2021-02-20T23:40:29
man: Document RIPEMD160 and SHA-1 security status
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40
diff --git a/man/rmd160.3 b/man/rmd160.3
index c22b46e..d187256 100644
--- a/man/rmd160.3
+++ b/man/rmd160.3
@@ -64,12 +64,11 @@ message less than 2^64 bits as input and produces a 160-bit digest
suitable for use as a digital signature.
.Pp
The RMD160 functions are considered to be more secure than the
-.Xr md4 3
-and
+.Xr md4 3 ,
.Xr md5 3
-functions and at least as secure as the
+and
.Xr sha1 3
-function.
+functions.
All share a similar interface.
.Pp
The
diff --git a/man/sha1.3 b/man/sha1.3
index 088d949..7634d2a 100644
--- a/man/sha1.3
+++ b/man/sha1.3
@@ -63,11 +63,13 @@ The algorithm takes a
message less than 2^64 bits as input and produces a 160-bit digest
suitable for use as a digital signature.
.Pp
-The SHA1 functions are considered to be more secure than the
+While the SHA1 functions are considered to be more secure than the
.Xr md4 3
and
.Xr md5 3
-functions with which they share a similar interface.
+functions with which they share a similar interface, they are considered
+insecure as of 2005, and as of 2020 chosen-prefix attacks have become
+practical, thus these must not be used in cryptographic contexts.
.Pp
The
.Fn SHA1Init