[erlang-questions] Request to add md4 to crypto module

Alexander <>
Thu Oct 2 23:29:09 CEST 2008


On Thursday 02 October 2008 23:28:29 Jim McCoy wrote:
> After poking around a bit in the OTP sources it seems that it would be
> pretty trivial to add md4 to the crypto module.  I will be testing a
> few patches later this week, but before I throw together a real EEP I
> was hoping that this might be a simple-enough change that the OTP team
> might consider adding it without the need for the formal process.

+1 for enhancement, also it would be useful to have DES in ECB mode too 
(trivial). If someone interested, there is my implementation based on erlang 
crypto driver (md4, des in ecb mode - used by mschapv2) 
http://pastie.org/283903

Also, why not make MD2 and finish dance with MD* crypto in erlang? :)

>
> As for the rationale: some applications (dhts, etc) need a large, fast
> hash that has a good uniqueness distribution but are not worried about
> the security implications of selecting an algorithm that is
> cryptographically weak.  The md4 hash is about 50% faster than md5,
> which is a real win when you are hashing thousands of items.  Since
> there are already "questionable" algorithms included in the crypto
> module (e.g. md5 and rc2) it seems that a warning in the docs that
> this algorithm should not be used for security-sensitive tasks would
> be sufficient notice to developers.
>
> Any thoughts or objections?
>
> jim
> _______________________________________________
> erlang-questions mailing list
> 
> http://www.erlang.org/mailman/listinfo/erlang-questions




More information about the erlang-questions mailing list