[erlang-questions] Request to add md4 to crypto module
Jim McCoy
jim.mccoy@REDACTED
Thu Oct 2 19:28:29 CEST 2008
After poking around a bit in the OTP sources it seems that it would be
pretty trivial to add md4 to the crypto module. I will be testing a
few patches later this week, but before I throw together a real EEP I
was hoping that this might be a simple-enough change that the OTP team
might consider adding it without the need for the formal process.
As for the rationale: some applications (dhts, etc) need a large, fast
hash that has a good uniqueness distribution but are not worried about
the security implications of selecting an algorithm that is
cryptographically weak. The md4 hash is about 50% faster than md5,
which is a real win when you are hashing thousands of items. Since
there are already "questionable" algorithms included in the crypto
module (e.g. md5 and rc2) it seems that a warning in the docs that
this algorithm should not be used for security-sensitive tasks would
be sufficient notice to developers.
Any thoughts or objections?
jim
More information about the erlang-questions
mailing list