[erlang-questions] Request to add md4 to crypto module

Dan Gudmundsson
Mon Oct 6 09:50:12 CEST 2008


See the thread:
http://www.erlang.org/pipermail/erlang-bugs/2008-September/000989.html

/Dan

Will wrote:
> Hi Dan,
> 
> Glad to hear you're in the midst of work on crypto! I submitted patches 
> a long time ago to add MD5 and SHA1 signing and verification with RSA 
> keys. I'd love to see this included in crypto.
> 
> http://article.gmane.org/gmane.comp.lang.erlang.patches/151
> 
> Thanks,
> Will
> 
> On Fri, Oct 3, 2008 at 3:08 AM, Dan Gudmundsson wrote:
> 
>     You don't have to write (in my mind) an EEP for adding things in a library,
>     EEP is for language changes or other major erlang changes.
> 
>     Send a patch to erlang-patches, and if we think it's ok and have
>     time we will add it.
> 
>     /Dan "Currently adding things to crypto"
> 
>     Alexander wrote:
>      > On Thursday 02 October 2008 23:28:29 Jim McCoy wrote:
>      >> After poking around a bit in the OTP sources it seems that it would be
>      >> pretty trivial to add md4 to the crypto module.  I will be testing a
>      >> few patches later this week, but before I throw together a real EEP I
>      >> was hoping that this might be a simple-enough change that the OTP team
>      >> might consider adding it without the need for the formal process.
>      >
>      > +1 for enhancement, also it would be useful to have DES in ECB mode too
>      > (trivial). If someone is interested, there is my implementation based on erlang
>      > crypto driver (md4, des in ecb mode - used by mschapv2)
>      > http://pastie.org/283903
>      >
>      > Also, why not make MD2 and finish dance with MD* crypto in erlang? :)
>      >
>      >> As for the rationale: some applications (dhts, etc) need a large, fast
>      >> hash that has a good uniqueness distribution but are not worried about
>      >> the security implications of selecting an algorithm that is
>      >> cryptographically weak.  The md4 hash is about 50% faster than md5,
>      >> which is a real win when you are hashing thousands of items.  Since
>      >> there are already "questionable" algorithms included in the crypto
>      >> module (e.g. md5 and rc2) it seems that a warning in the docs that
>      >> this algorithm should not be used for security-sensitive tasks would
>      >> be sufficient notice to developers.
>      >>
>      >> Any thoughts or objections?
>      >>
>      >> jim
>      >> _______________________________________________
>      >> erlang-questions mailing list
>      >> http://www.erlang.org/mailman/listinfo/erlang-questions
>      >
> 
> 


