<div dir="ltr">Hi Dan,<br><br>Glad to hear you're in the midst of work on crypto! I submitted patches a long time ago to add MD5 and SHA1 signing and verification with RSA keys. I'd love to see this included in crypto.<br>
<br><a href="http://article.gmane.org/gmane.comp.lang.erlang.patches/151" target="_blank">http://article.gmane.org/gmane.comp.lang.erlang.patches/151</a><br><br>Thanks,<br>Will<br><br><div class="gmail_quote">On Fri, Oct 3, 2008 at 3:08 AM, Dan Gudmundsson <span dir="ltr"><<a href="mailto:dgud@erix.ericsson.se" target="_blank">dgud@erix.ericsson.se</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">You don't have to write (in my mind) an EEP for adding things in a library,<br>
EEP is for language changes or other major erlang changes.<br>
<br>
Send a patch to erlang-patches, and if we thinks it's ok and have time we will add it.<br>
<br>
/Dan "Currently adding things to crypto"<br>
<div><div></div><div><br>
Alexander wrote:<br>
> On Thursday 02 October 2008 23:28:29 Jim McCoy wrote:<br>
>> After poking around a bit in the OTP sources it seems that it would be<br>
>> pretty trivial to add md4 to the crypto module. I will be testing a<br>
>> few patches later this week, but before I throw together a real EEP I<br>
>> was hoping that this might be a simple-enough change that the OTP team<br>
>> might consider adding it without the need for the formal process.<br>
><br>
> +1 for enhancement, also it would be useful to have DES in ECB mode too<br>
> (trivial). If someone interested, there is my implementation based on erlang<br>
> crypto driver (md4, des in ecb mode - used by mschapv2)<br>
> <a href="http://pastie.org/283903" target="_blank">http://pastie.org/283903</a><br>
><br>
> Also, why not make MD2 and finish dance with MD* crypto in erlang? :)<br>
><br>
>> As for the rationale: some applications (dhts, etc) need a large, fast<br>
>> hash that has a good uniqueness distribution but are not worried about<br>
>> the security implications of selecting an algorithm that is<br>
>> cryptographically weak. The md4 hash is about 50% faster than md5,<br>
>> which is a real win when you are hashing thousands of items. Since<br>
>> there are already "questionable" algorithms included in the crypto<br>
>> module (e.g. md5 and rc2) it seems that a warning in the docs that<br>
>> this algorithm should not be used for security-sensitive tasks would<br>
>> be sufficient notice to developers.<br>
>><br>
>> Any thoughts or objections?<br>
>><br>
>> jim<br>
>> _______________________________________________<br>
>> erlang-questions mailing list<br>
>> <a href="mailto:erlang-questions@erlang.org" target="_blank">erlang-questions@erlang.org</a><br>
>> <a href="http://www.erlang.org/mailman/listinfo/erlang-questions" target="_blank">http://www.erlang.org/mailman/listinfo/erlang-questions</a><br>
><br>
> _______________________________________________<br>
> erlang-questions mailing list<br>
> <a href="mailto:erlang-questions@erlang.org" target="_blank">erlang-questions@erlang.org</a><br>
> <a href="http://www.erlang.org/mailman/listinfo/erlang-questions" target="_blank">http://www.erlang.org/mailman/listinfo/erlang-questions</a><br>
><br>
_______________________________________________<br>
erlang-questions mailing list<br>
<a href="mailto:erlang-questions@erlang.org" target="_blank">erlang-questions@erlang.org</a><br>
<a href="http://www.erlang.org/mailman/listinfo/erlang-questions" target="_blank">http://www.erlang.org/mailman/listinfo/erlang-questions</a><br>
</div></div></blockquote></div><br></div>