apr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe Jr." <wr...@rowe-clan.net>
Subject Re: SHA2 in APR
Date Thu, 07 Nov 2013 05:57:56 GMT
On Wed, 16 Oct 2013 16:17:33 +0100
Nick Kew <niq@apache.org> wrote:
> 
> On 10 Oct 2013, at 21:49, Dirkjan Ochtman wrote:
> 
> > The reason I've recently gotten interested in APR (and SHA support)
> > is my work on https://github.com/mozilla/mod_authn_persona.
> 
> OK, that raises two questions:
> 
> 1. From your point of view, how useful would a fully-implemented
>    apr_sha2 be, compared either to using a third-party library or a
>    standalone implementation?
> 
> 2. If it does add value, is the API referenced in your bug exactly
>    what you want, or might there be mileage in reviewing/extending it?
> 
> It's not really clear to me what value an APR wrapper adds to sha2.
> Or indeed, md5/sha1, beyond their being widely used by existing apps.

If we are a 'hash provider', IMHO we should provide the strongest
hashing available, even if we simply delegate it to openssl (which we
already consume in apr 2).  Otherwise, it seems prudent to get out of
the hashing business and rip out md/sha1 entirely from apr 2.

I have no issue with providing a simple hash, these are used for just
about all arbitrary string values where you need to uniquify them into
a predictable byte token.

Mime
View raw message