apr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Querna <p...@querna.org>
Subject cleaning up apr_md5_encode
Date Sun, 29 Mar 2009 15:26:54 GMT
Hi,

Take a look at:
<https://svn.eu.apache.org/repos/asf/apr/apr/trunk/crypto/apr_md5.c>

The function apr_md5_encode specifically.

The function does:
  1) compute the md5 of some random things, with the comment Time to
make the doughnuts..'.
  2) compute the md5 of the salt+password
  3) write md5 from #2 into buffer.
  4) memset the md5 buffer 'Don't leave anything around in vm they could use.'
  5) 'Then something really weird...'
  6) start copying some strings...
  7) a for loop of 1 to 1000, md5 inits and various operations on the
md5 context, with a comment ' On a 60 Mhz Pentium this takes 34 msec,'


Can we delete all of the crap in there, and just go with a straight up
function that does the md5 of the salt + password?

I dislike md5 as much as the next guy, but this does almost nothing
but make apr_md5_encode slower.

or is all this obfuscation worth it still?

Thanks,

Paul

Mime
View raw message