[erlang-questions] Request to add md4 to crypto module

Jim McCoy jim.mccoy@REDACTED
Thu Oct 2 19:28:29 CEST 2008


After poking around a bit in the OTP sources it seems that it would be
pretty trivial to add md4 to the crypto module.  I will be testing a
few patches later this week, but before I throw together a real EEP I
was hoping that this might be a simple-enough change that the OTP team
might consider adding it without the need for the formal process.

As for the rationale: some applications (dhts, etc) need a large, fast
hash that has a good uniqueness distribution but are not worried about
the security implications of selecting an algorithm that is
cryptographically weak.  The md4 hash is about 50% faster than md5,
which is a real win when you are hashing thousands of items.  Since
there are already "questionable" algorithms included in the crypto
module (e.g. md5 and rc2) it seems that a warning in the docs that
this algorithm should not be used for security-sensitive tasks would
be sufficient notice to developers.

Any thoughts or objections?

jim



More information about the erlang-questions mailing list