[erlang-questions] wow: MD5 broken

Jim McCoy <>
Mon Dec 3 06:50:08 CET 2007


I guess this hits at one of my sore points regarding Erlang -- the
crypto library (based on the rather limited and task-specific OpenSSL
crypto toolkit) is "sub-optimal."

I have often told myself that I should just get off my butt and
replace it with LibTomCrypt.  This would offer every symmetric cipher
and hash you could want along with other nice goodies like a PRNG that
can use available hardware randomness if the platform supports it (no
more need to manually seed random on most platforms) and nice perks
like elliptic curve public keys.

OTOH, this is one of those things that seems at first glance like it
would be easier to change in the Erlang distro than to create as a
linked-in driver.  Maybe because most of the docs for linked-in
drivers are scary while swapping C functions in the crypto module
using LibTomCrypt's modular API looked to be a bit easier.   So, how
wedded to the current OpenSSL libcrypto are we?

jim



More information about the erlang-questions mailing list