apr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Querna <p...@querna.org>
Subject cleaning up apr_md5_encode
Date Sun, 29 Mar 2009 15:26:54 GMT

Take a look at:

The function apr_md5_encode specifically.

The function does:
  1) compute the md5 of some random things, with the comment Time to
make the doughnuts..'.
  2) compute the md5 of the salt+password
  3) write md5 from #2 into buffer.
  4) memset the md5 buffer 'Don't leave anything around in vm they could use.'
  5) 'Then something really weird...'
  6) start copying some strings...
  7) a for loop of 1 to 1000, md5 inits and various operations on the
md5 context, with a comment ' On a 60 Mhz Pentium this takes 34 msec,'

Can we delete all of the crap in there, and just go with a straight up
function that does the md5 of the salt + password?

I dislike md5 as much as the next guy, but this does almost nothing
but make apr_md5_encode slower.

or is all this obfuscation worth it still?



View raw message