[erlang-questions] Request to add md4 to crypto module
Fri Oct 3 23:49:57 CEST 2008
Glad to hear you're in the midst of work on crypto! I submitted patches a
long time ago to add MD5 and SHA1 signing and verification with RSA keys.
I'd love to see this included in crypto.
On Fri, Oct 3, 2008 at 3:08 AM, Dan Gudmundsson <>wrote:
> You don't have to write (in my mind) an EEP for adding things in a library,
> EEP is for language changes or other major erlang changes.
> Send a patch to erlang-patches, and if we thinks it's ok and have time we
> will add it.
> /Dan "Currently adding things to crypto"
> Alexander wrote:
> > On Thursday 02 October 2008 23:28:29 Jim McCoy wrote:
> >> After poking around a bit in the OTP sources it seems that it would be
> >> pretty trivial to add md4 to the crypto module. I will be testing a
> >> few patches later this week, but before I throw together a real EEP I
> >> was hoping that this might be a simple-enough change that the OTP team
> >> might consider adding it without the need for the formal process.
> > +1 for enhancement, also it would be useful to have DES in ECB mode too
> > (trivial). If someone interested, there is my implementation based on
> > crypto driver (md4, des in ecb mode - used by mschapv2)
> > http://pastie.org/283903
> > Also, why not make MD2 and finish dance with MD* crypto in erlang? :)
> >> As for the rationale: some applications (dhts, etc) need a large, fast
> >> hash that has a good uniqueness distribution but are not worried about
> >> the security implications of selecting an algorithm that is
> >> cryptographically weak. The md4 hash is about 50% faster than md5,
> >> which is a real win when you are hashing thousands of items. Since
> >> there are already "questionable" algorithms included in the crypto
> >> module (e.g. md5 and rc2) it seems that a warning in the docs that
> >> this algorithm should not be used for security-sensitive tasks would
> >> be sufficient notice to developers.
> >> Any thoughts or objections?
> >> jim
> >> _______________________________________________
> >> erlang-questions mailing list
> >> http://www.erlang.org/mailman/listinfo/erlang-questions
> > _______________________________________________
> > erlang-questions mailing list
> > http://www.erlang.org/mailman/listinfo/erlang-questions
> erlang-questions mailing list
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the erlang-questions