[erlang-questions] Request to add md4 to crypto module
Thu Oct 2 23:29:09 CEST 2008
On Thursday 02 October 2008 23:28:29 Jim McCoy wrote:
> After poking around a bit in the OTP sources it seems that it would be
> pretty trivial to add md4 to the crypto module. I will be testing a
> few patches later this week, but before I throw together a real EEP I
> was hoping that this might be a simple-enough change that the OTP team
> might consider adding it without the need for the formal process.
+1 for enhancement, also it would be useful to have DES in ECB mode too
(trivial). If someone interested, there is my implementation based on erlang
crypto driver (md4, des in ecb mode - used by mschapv2)
Also, why not make MD2 and finish dance with MD* crypto in erlang? :)
> As for the rationale: some applications (dhts, etc) need a large, fast
> hash that has a good uniqueness distribution but are not worried about
> the security implications of selecting an algorithm that is
> cryptographically weak. The md4 hash is about 50% faster than md5,
> which is a real win when you are hashing thousands of items. Since
> there are already "questionable" algorithms included in the crypto
> module (e.g. md5 and rc2) it seems that a warning in the docs that
> this algorithm should not be used for security-sensitive tasks would
> be sufficient notice to developers.
> Any thoughts or objections?
> erlang-questions mailing list
More information about the erlang-questions