[erlang-questions] Request to add md4 to crypto module
Dan Gudmundsson
dgud@REDACTED
Fri Oct 3 12:08:35 CEST 2008
You don't have to write (in my mind) an EEP for adding things in a library,
EEP is for language changes or other major erlang changes.
Send a patch to erlang-patches, and if we thinks it's ok and have time we will add it.
/Dan "Currently adding things to crypto"
Alexander wrote:
> On Thursday 02 October 2008 23:28:29 Jim McCoy wrote:
>> After poking around a bit in the OTP sources it seems that it would be
>> pretty trivial to add md4 to the crypto module. I will be testing a
>> few patches later this week, but before I throw together a real EEP I
>> was hoping that this might be a simple-enough change that the OTP team
>> might consider adding it without the need for the formal process.
>
> +1 for enhancement, also it would be useful to have DES in ECB mode too
> (trivial). If someone interested, there is my implementation based on erlang
> crypto driver (md4, des in ecb mode - used by mschapv2)
> http://pastie.org/283903
>
> Also, why not make MD2 and finish dance with MD* crypto in erlang? :)
>
>> As for the rationale: some applications (dhts, etc) need a large, fast
>> hash that has a good uniqueness distribution but are not worried about
>> the security implications of selecting an algorithm that is
>> cryptographically weak. The md4 hash is about 50% faster than md5,
>> which is a real win when you are hashing thousands of items. Since
>> there are already "questionable" algorithms included in the crypto
>> module (e.g. md5 and rc2) it seems that a warning in the docs that
>> this algorithm should not be used for security-sensitive tasks would
>> be sufficient notice to developers.
>>
>> Any thoughts or objections?
>>
>> jim
>> _______________________________________________
>> erlang-questions mailing list
>> erlang-questions@REDACTED
>> http://www.erlang.org/mailman/listinfo/erlang-questions
>
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://www.erlang.org/mailman/listinfo/erlang-questions
>
More information about the erlang-questions
mailing list