Author: paul
Date: 2006-01-21 04:09:29 +0100 (Sat, 21 Jan 2006)
New Revision: 960
Log:
r6504@frost: paul | 2006-01-20 18:51:41 -0600
MD5 and SHA-1 can be cracked. (Bug#13174)
Modified:
trunk/
trunk/refman-4.1/functions.xml
trunk/refman-5.0/functions.xml
trunk/refman-5.1/functions.xml
Property changes on: trunk
___________________________________________________________________
Name: svk:merge
- b5ec3a16-e900-0410-9ad2-d183a3acac99:/mysqldoc-local/mysqldoc/trunk:6503
bf112a9c-6c03-0410-a055-ad865cd57414:/mysqldoc-local/mysqldoc/trunk:2396
+ b5ec3a16-e900-0410-9ad2-d183a3acac99:/mysqldoc-local/mysqldoc/trunk:6504
bf112a9c-6c03-0410-a055-ad865cd57414:/mysqldoc-local/mysqldoc/trunk:2396
Modified: trunk/refman-4.1/functions.xml
===================================================================
--- trunk/refman-4.1/functions.xml 2006-01-21 03:09:14 UTC (rev 959)
+++ trunk/refman-4.1/functions.xml 2006-01-21 03:09:29 UTC (rev 960)
@@ -11747,6 +11747,13 @@
change data values.
</para>
+ <para>
+ <emphasis role="bold">Note</emphasis>: Exploits for the MD5 and
+ SHA-1 algorithms have become known. You may wish to consider
+ using one of the other encryption functions described in this
+ section instead.
+ </para>
+
<itemizedlist>
<listitem>
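Review bot: the added note says "Exploits ... have become known" without saying what kind of weakness is meant, and points to "one of the other encryption functions" without naming any. SHA1() is described later in this diff as a checksum, not encryption, so a reader cannot tell which function is being offered as the replacement. Suggest stating the weakness precisely and naming the function(s) you want people to move to.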
@@ -12124,10 +12131,7 @@
If <literal>crypt()</literal> is not available on your
system (as is the case with Windows),
<literal>ENCRYPT()</literal> always returns
- <literal>NULL</literal>. Because of this, we recommend that
- you use <literal>MD5()</literal> or
- <literal>SHA1()</literal> instead, because those two
- functions exist on all platforms.
+ <literal>NULL</literal>.
</para>
</listitem>
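Review bot: with the MD5()/SHA1() recommendation removed, the paragraph now stops at "always returns NULL" and leaves readers on systems without crypt() with no alternative at all. Suggest adding a pointer to whichever function the manual now recommends, or at least to the new note at the start of the section.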
@@ -12178,6 +12182,11 @@
</para>
<para>
+ See the note regarding the MD5 algorithm at the beginning
+ this section.
+ </para>
+
+ <para>
<literal>MD5()</literal> was added in MySQL 3.23.2.
</para>
</listitem>
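Review bot: the added paragraph reads "at the beginning this section"; it is missing a word and should read "at the beginning of this section".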
@@ -12272,7 +12281,7 @@
<literal>PASSWORD()</literal> function is used by the
authentication system in MySQL Server; you should
<emphasis>not</emphasis> use it in your own applications.
- For that purpose, use <literal>MD5()</literal> or
+ For that purpose, consider <literal>MD5()</literal> or
<literal>SHA1()</literal> instead. Also see RFC 2195 for
more information about handling passwords and authentication
securely in your applications.
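Review bot: changing "use" to "consider" still steers readers to MD5() and SHA1() for application passwords, the two algorithms the note added at the top of this section flags as having known exploits. Suggest referring to that note in this sentence, or naming a different function here.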
@@ -12306,13 +12315,15 @@
<remark role="help-description-begin"/>
<para>
- Calculates an SHA1 160-bit checksum for the string, as
+ Calculates an SHA-1 160-bit checksum for the string, as
described in RFC 3174 (Secure Hash Algorithm). The value is
returned as a string of 40 hex digits, or
<literal>NULL</literal> if the argument was
<literal>NULL</literal>. One of the possible uses for this
function is as a hash key. You can also use it as a
- cryptographically safe function for storing passwords.
+ cryptographic function for storing passwords.
+ <literal>SHA()</literal> is synonymous with
+ <literal>SHA1()</literal>.
</para>
<remark role="help-description-end"/>
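Review bot: dropping "safe" leaves "You can also use it as a cryptographic function for storing passwords", which still recommends SHA1() for password storage inside the help-description block and conflicts with the note added at the top of the section. Suggest removing the password sentence or qualifying it with a reference to that note.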
@@ -12327,8 +12338,8 @@
<para>
<literal>SHA1()</literal> was added in MySQL 4.0.2, and can
be considered a cryptographically more secure equivalent of
- <literal>MD5()</literal>. <literal>SHA()</literal> is
- synonymous with <literal>SHA1()</literal>.
+ <literal>MD5()</literal>. However, see the note regarding
+ the MD5 and SHA-1 algorithms at the beginning this section.
</para>
</listitem>
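Review bot: the new last line reads "at the beginning this section"; insert "of" so it reads "at the beginning of this section".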
Modified: trunk/refman-5.0/functions.xml
===================================================================
--- trunk/refman-5.0/functions.xml 2006-01-21 03:09:14 UTC (rev 959)
+++ trunk/refman-5.0/functions.xml 2006-01-21 03:09:29 UTC (rev 960)
@@ -11744,6 +11744,13 @@
with trailing space removal that would change data values.
</para>
+ <para>
+ <emphasis role="bold">Note</emphasis>: Exploits for the MD5 and
+ SHA-1 algorithms have become known. You may wish to consider
+ using one of the other encryption functions described in this
+ section instead.
+ </para>
+
<itemizedlist>
<listitem>
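Review bot: the note paragraph carries no id, so the "See the note ..." paragraphs added further down can only refer to it in prose. This file already uses <xref linkend="cast-functions"/> for cross-references; suggest giving the note an id and linking to it the same way, so the reference survives if the section is reorganized.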
@@ -12112,10 +12119,7 @@
If <literal>crypt()</literal> is not available on your
system (as is the case with Windows),
<literal>ENCRYPT()</literal> always returns
- <literal>NULL</literal>. Because of this, we recommend that
- you use <literal>MD5()</literal> or
- <literal>SHA1()</literal> instead, because those two
- functions exist on all platforms.
+ <literal>NULL</literal>.
</para>
</listitem>
@@ -12164,6 +12168,11 @@
for the <literal>BINARY</literal> operator in
<xref linkend="cast-functions"/>.
</para>
+
+ <para>
+ See the note regarding the MD5 algorithm at the beginning
+ this section.
+ </para>
</listitem>
<listitem>
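Review bot: the added paragraph says "at the beginning this section"; it should be "at the beginning of this section". The same wording was pasted into each of the three manuals, so it needs fixing in each file.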
@@ -12256,7 +12265,7 @@
<literal>PASSWORD()</literal> function is used by the
authentication system in MySQL Server; you should
<emphasis>not</emphasis> use it in your own applications.
- For that purpose, use <literal>MD5()</literal> or
+ For that purpose, consider <literal>MD5()</literal> or
<literal>SHA1()</literal> instead. Also see RFC 2195 for
more information about handling passwords and authentication
securely in your applications.
@@ -12290,13 +12299,15 @@
<remark role="help-description-begin"/>
<para>
- Calculates an SHA1 160-bit checksum for the string, as
+ Calculates an SHA-1 160-bit checksum for the string, as
described in RFC 3174 (Secure Hash Algorithm). The value is
returned as a string of 40 hex digits, or
<literal>NULL</literal> if the argument was
<literal>NULL</literal>. One of the possible uses for this
function is as a hash key. You can also use it as a
- cryptographically safe function for storing passwords.
+ cryptographic function for storing passwords.
+ <literal>SHA()</literal> is synonymous with
+ <literal>SHA1()</literal>.
</para>
<remark role="help-description-end"/>
@@ -12311,8 +12322,8 @@
<para>
<literal>SHA1()</literal> can be considered a
cryptographically more secure equivalent of
- <literal>MD5()</literal>. <literal>SHA()</literal> is
- synonymous with <literal>SHA1()</literal>.
+ <literal>MD5()</literal>. However, see the note regarding
+ the MD5 and SHA-1 algorithms at the beginning this section.
</para>
</listitem>
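Review bot: the paragraph still calls SHA1() "a cryptographically more secure equivalent of MD5()" and then hedges with "However, see the note", so the claim and the caveat pull in opposite directions. Suggest rewording so the sentence leads with the caveat, and fix "at the beginning this section" (missing "of") while you are there.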
Modified: trunk/refman-5.1/functions.xml
===================================================================
--- trunk/refman-5.1/functions.xml 2006-01-21 03:09:14 UTC (rev 959)
+++ trunk/refman-5.1/functions.xml 2006-01-21 03:09:29 UTC (rev 960)
@@ -12173,6 +12173,13 @@
change data values.
</para>
+ <para>
+ <emphasis role="bold">Note</emphasis>: Exploits for the MD5 and
+ SHA-1 algorithms have become known. You may wish to consider
+ using one of the other encryption functions described in this
+ section instead.
+ </para>
+
<itemizedlist>
<listitem>
@@ -12541,10 +12548,7 @@
If <literal>crypt()</literal> is not available on your
system (as is the case with Windows),
<literal>ENCRYPT()</literal> always returns
- <literal>NULL</literal>. Because of this, we recommend that
- you use <literal>MD5()</literal> or
- <literal>SHA1()</literal> instead, because those two
- functions exist on all platforms.
+ <literal>NULL</literal>.
</para>
</listitem>
@@ -12593,6 +12597,11 @@
for the <literal>BINARY</literal> operator in
<xref linkend="cast-functions"/>.
</para>
+
+ <para>
+ See the note regarding the MD5 algorithm at the beginning
+ this section.
+ </para>
</listitem>
<listitem>
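Review bot: typo in the added paragraph: "at the beginning this section" should be "at the beginning of this section".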
@@ -12685,7 +12694,7 @@
<literal>PASSWORD()</literal> function is used by the
authentication system in MySQL Server; you should
<emphasis>not</emphasis> use it in your own applications.
- For that purpose, use <literal>MD5()</literal> or
+ For that purpose, consider <literal>MD5()</literal> or
<literal>SHA1()</literal> instead. Also see RFC 2195 for
more information about handling passwords and authentication
securely in your applications.
@@ -12719,13 +12728,15 @@
<remark role="help-description-begin"/>
<para>
- Calculates an SHA1 160-bit checksum for the string, as
+ Calculates an SHA-1 160-bit checksum for the string, as
described in RFC 3174 (Secure Hash Algorithm). The value is
returned as a string of 40 hex digits, or
<literal>NULL</literal> if the argument was
<literal>NULL</literal>. One of the possible uses for this
function is as a hash key. You can also use it as a
- cryptographically safe function for storing passwords.
+ cryptographic function for storing passwords.
+ <literal>SHA()</literal> is synonymous with
+ <literal>SHA1()</literal>.
</para>
<remark role="help-description-end"/>
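Review bot: the sentence "You can also use it as a cryptographic function for storing passwords" sits between the help-description-begin and help-description-end remarks, so the password recommendation stays in the help text while the warning lives only in the section note. Suggest dropping the password sentence from the help description or adding a short caveat inside it.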
@@ -12740,8 +12751,8 @@
<para>
<literal>SHA1()</literal> can be considered a
cryptographically more secure equivalent of
- <literal>MD5()</literal>. <literal>SHA()</literal> is
- synonymous with <literal>SHA1()</literal>.
+ <literal>MD5()</literal>. However, see the note regarding
+ the MD5 and SHA-1 algorithms at the beginning this section.
</para>
</listitem>
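Review bot: the replacement text ends with "at the beginning this section"; it should read "at the beginning of this section".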