Commit 6d50010b authored by Stefan Kangas's avatar Stefan Kangas

Recommend against SHA-1 and MD5 for security

* doc/lispref/text.texi (Checksum/Hash):
* src/fns.c (Fmd5, Fsecure_hash):
* lisp/subr.el (sha1): Doc fix to recommend against SHA-1 and MD5 for
security-related applications, since they are not collision
resistant.  (Bug#37420)
parent b8e9baac
Pipeline #3218 passed with stage
in 62 minutes and 19 seconds
......@@ -4710,12 +4710,12 @@ that you have an unaltered copy of that data.
SHA-1, SHA-2, SHA-224, SHA-256, SHA-384 and SHA-512. MD5 is the
oldest of these algorithms, and is commonly used in @dfn{message
digests} to check the integrity of messages transmitted over a
network. MD5 is not collision resistant (i.e., it is possible to
deliberately design different pieces of data which have the same MD5
hash), so you should not used it for anything security-related. A
similar theoretical weakness also exists in SHA-1. Therefore, for
security-related applications you should use the other hash types,
such as SHA-2.
network. MD5 and SHA-1 are not collision resistant (i.e., it is
possible to deliberately design different pieces of data which have
the same MD5 or SHA-1 hash), so you should not use them for anything
security-related. For security-related applications you should use
the other hash types, such as SHA-2 (e.g. @code{sha256} or
@code{sha512}).
@defun secure-hash-algorithms
This function returns a list of symbols representing algorithms that
......
......@@ -3120,11 +3120,15 @@ Otherwise, return nil."
raw-field)))
(defun sha1 (object &optional start end binary)
"Return the SHA1 (Secure Hash Algorithm) of an OBJECT.
"Return the SHA-1 (Secure Hash Algorithm) of an OBJECT.
OBJECT is either a string or a buffer. Optional arguments START and
END are character positions specifying which portion of OBJECT for
computing the hash. If BINARY is non-nil, return a string in binary
form."
form.
Note that SHA-1 is not collision resistant and should not be used
for anything security-related. See `secure-hash' for
alternatives."
(secure-hash 'sha1 object start end binary))
(defun function-get (f prop &optional autoload)
......
......@@ -5376,7 +5376,10 @@ If OBJECT is a string, the most preferred coding system (see the
command `prefer-coding-system') is used.
If NOERROR is non-nil, silently assume the `raw-text' coding if the
guesswork fails. Normally, an error is signaled in such case. */)
guesswork fails. Normally, an error is signaled in such case.
Note that MD5 is not collision resistant and should not be used for
anything security-related. See `secure-hash' for alternatives. */)
(Lisp_Object object, Lisp_Object start, Lisp_Object end, Lisp_Object coding_system, Lisp_Object noerror)
{
return secure_hash (Qmd5, object, start, end, coding_system, noerror, Qnil);
......@@ -5393,7 +5396,11 @@ whole OBJECT.
The full list of algorithms can be obtained with `secure-hash-algorithms'.
If BINARY is non-nil, returns a string in binary form. */)
If BINARY is non-nil, returns a string in binary form.
Note that MD5 and SHA-1 are not collision resistant and should not be
used for anything security-related. For these applications, use one
of the other hash types instead, e.g. sha256 or sha512. */)
(Lisp_Object algorithm, Lisp_Object object, Lisp_Object start, Lisp_Object end, Lisp_Object binary)
{
return secure_hash (algorithm, object, start, end, Qnil, Qnil, binary);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment