apr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Greg Stein <gst...@lyra.org>
Subject Re: Legal issues, DES
Date Sun, 03 Jun 2001 19:17:52 GMT
On Sun, Jun 03, 2001 at 02:16:48PM -0400, Cliff Woolley wrote:
> On Sun, 3 Jun 2001, Sander Striker wrote:
> > Maybe a bit off topic, but are there still legal issues with
> > DES implementations? I mean, if someone submitted a patch
> > would it be possible to include des in apr-util/crypto, or
> > would this be problematic. DES is still in use in a variety
> > of things, so providing the functionality wouldn't be that
> > strange I think.
> Legal issues aside, my only worry is that we seem to be duplicating more
> and more of the effort of the OpenSSL team...

I don't think there are legal issues, but crypt() is widely available. I
really don't think it should be in APRUTIL.

As I said before: on platforms where crypt() might /not/ be available,
applications should just use SHA1 or MD5 hashing instead of DES. And yes, I
realize that legacy apps may need crypt() on those poor platforms; but that
is such a minority, that I'd rather not see it in APR.

We have the APR_HAS_* macros for a reason. In this case, APR_HAS_CRYPT would
be zero.


Greg Stein, http://www.lyra.org/

View raw message