apr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Roy T. Fielding" <roy.field...@gmail.com>
Subject Re: APR 2.0.0 - deprecate MD4 at last?
Date Thu, 04 Jan 2007 01:00:15 GMT
On Jan 3, 2007, at 4:30 PM, William A. Rowe, Jr. wrote:

> MD4 was DOA when APR was created.

Only for cryptography.  There is nothing wrong with its use as a hash.
Rsync still uses it.

> Can we please introduce SHA-2 and drop MD4 entirely in APR release  
> 2.0.0?
>
> If configuring for a FIPS ssl environment, we will also have to  
> stub out MD5
> entirely since it too is a prohibited algorithm.  But it's common  
> enough
> still today that I'm not in favor of dropping it from APR.  There  
> are just
> too many MD5 hashes our users still need to calculate.

FIPS does not regulate what algorithms are implemented.  It might
regulate what algorithms are used for security-related purposes, but
that is not relevant to APR.

....Roy

Mime
View raw message