Date: Wed, 9 Mar 2005 22:01:13 +0100
From: Pawel Jakub Dawidek <pjd@FreeBSD.org>
To: Colin Percival <cperciva@freebsd.org>
Cc: cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/lib/libmd Makefile sha256.3 sha256.h sha256c.c shadriver.c src/sbin/md5 Makefile md5.c
Message-ID: <20050309210113.GQ9291@darkness.comp.waw.pl>
In-Reply-To: <422F5D94.4030702@freebsd.org>
References: <200503091923.j29JN4Ti063868@repoman.freebsd.org> <422F50A6.907@criticalmagic.com> <422F55C6.3000207@freebsd.org> <422F5B36.5090400@criticalmagic.com> <422F5D94.4030702@freebsd.org>

On Wed, Mar 09, 2005 at 12:33:24PM -0800, Colin Percival wrote:
+> Richard Coleman wrote:
+> > Colin Percival wrote:
+> >> As far as I could tell, we didn't have sha256 in the tree until I added
+> >> it.  As for md5 and sha1, it's useful to have a minimalist libmd for
+> >> applications which don't require the bloated monst^W^W^W OpenSSL, and
+> >> these are small enough that a bit of duplication really doesn't matter.
+> >
+> > There are versions of sha256, sha384, and sha512 in sys/crypto/sha2.
+>
+> *sigh*
+>
+> Oh well, I think my version is cleaner anyway... :-)
+>
+> > Just a random thought.  But I'm glad to see sha256 added to libmd
+> > anyways.  It may be useful to add sha384 and sha512 as well.
+>
+> I considered that, but decided that since those hashes are designed
+> for 64 bit processors, they would be more trouble than they're worth.
+>
+> My personal feeling is that sha(384|512) are overkill on the side of
+> hash length and probably underkill on the side of design (considering
+> that they have the same basic design which has been repeatedly shown
+> to be vulnerable to the Chinese attack) anyway -- we really need an
+> AES-like process for selecting a new hash standard.

Colin, with all due respect. I don't think your personal feeling should
be the reason to not support sha(384|512). Even for consistency we should
support them all (people do use them). AFAIR, NIST has made those to work
well with AES 192- and 256-bit keys. We support those key lengths, so
why not support SHA-(384|512)? I also read (didn't check this by myself)
that SHA-256 calculations take much longer than SHA-1 and are comparable
to AES. We even support SHA-1 in hardware (not to mention AES).

If you think your version is cleaner/better than the one from sys/, maybe
it should be reviewed and sys/ version replaced, but we should not
duplicate crypto code.

--
Pawel Jakub Dawidek                       http://www.wheel.pl
pjd@FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!