[erlang-questions] Request to add md4 to crypto module

Will <>
Fri Oct 3 23:49:57 CEST 2008


Hi Dan,

Glad to hear you're in the midst of work on crypto! I submitted patches a
long time ago to add MD5 and SHA1 signing and verification with RSA keys.
I'd  love to see this included in crypto.

http://article.gmane.org/gmane.comp.lang.erlang.patches/151

Thanks,
Will

On Fri, Oct 3, 2008 at 3:08 AM, Dan Gudmundsson <>wrote:

> You don't have to write (in my mind) an EEP for adding things in a library,
> EEP is for language changes or other major erlang changes.
>
> Send a patch to erlang-patches, and if we thinks it's ok and have time we
> will add it.
>
> /Dan "Currently adding things to crypto"
>
> Alexander wrote:
> > On Thursday 02 October 2008 23:28:29 Jim McCoy wrote:
> >> After poking around a bit in the OTP sources it seems that it would be
> >> pretty trivial to add md4 to the crypto module.  I will be testing a
> >> few patches later this week, but before I throw together a real EEP I
> >> was hoping that this might be a simple-enough change that the OTP team
> >> might consider adding it without the need for the formal process.
> >
> > +1 for enhancement, also it would be useful to have DES in ECB mode too
> > (trivial). If someone interested, there is my implementation based on
> erlang
> > crypto driver (md4, des in ecb mode - used by mschapv2)
> > http://pastie.org/283903
> >
> > Also, why not make MD2 and finish dance with MD* crypto in erlang? :)
> >
> >> As for the rationale: some applications (dhts, etc) need a large, fast
> >> hash that has a good uniqueness distribution but are not worried about
> >> the security implications of selecting an algorithm that is
> >> cryptographically weak.  The md4 hash is about 50% faster than md5,
> >> which is a real win when you are hashing thousands of items.  Since
> >> there are already "questionable" algorithms included in the crypto
> >> module (e.g. md5 and rc2) it seems that a warning in the docs that
> >> this algorithm should not be used for security-sensitive tasks would
> >> be sufficient notice to developers.
> >>
> >> Any thoughts or objections?
> >>
> >> jim
> >> _______________________________________________
> >> erlang-questions mailing list
> >> 
> >> http://www.erlang.org/mailman/listinfo/erlang-questions
> >
> > _______________________________________________
> > erlang-questions mailing list
> > 
> > http://www.erlang.org/mailman/listinfo/erlang-questions
> >
> _______________________________________________
> erlang-questions mailing list
> 
> http://www.erlang.org/mailman/listinfo/erlang-questions
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20081003/17bc3e4f/attachment.html>


More information about the erlang-questions mailing list