couchdb-dev mailing list archives

From Chris Anderson <jch...@apache.org>
Subject Re: Making CouchDB crypto dependency optional
Date Mon, 18 Jan 2010 01:15:06 GMT
Thanks Jonathan,

I'm a big +1 on this now. Can you file a ticket in Jira for it? All
patches currently go through Jira for the ASF.

http://issues.apache.org/jira/browse/COUCHDB

Chris

On Sun, Jan 17, 2010 at 5:06 PM, Jonathan <jdknezek@gmail.com> wrote:
> On Sun, Jan 17, 2010 at 4:08 PM, Chris Anderson <jchris@apache.org> wrote:
>
>> On Sun, Jan 17, 2010 at 1:17 PM, Jonathan <jdknezek@gmail.com> wrote:
>> > I've created a pure-Erlang copy of this API (that attempts to fall back to
>> > the crypto library if possible) at http://gist.github.com/279085.  The
>> > random stream isn't cryptographically secure of course, but it should work
>>
>> I'm +1 on this. The complications are (a) making sure the licensing is
>> done correctly. (b) making sure the sha etc are compatible, so passwords
>> work across implementations.
>>
>
> I've updated the gist to include (along with fixes thanks to said testing)
> the test_sha/1 and test_sha_mac/1 functions, which will test random messages
> (and keys if applicable) of length N, N - 1, ..., 0 and compare the pure
> Erlang output with the crypto library output.  If you get 'ok' all is well.
>
> As for the licensing, I'm definitely not a lawyer.  For what it's worth, the
> reference implementation was published in RFC 3174, which in turn draws
> mostly from NIST FIPS 180-1, which was superseded by FIPS 180-2.  According
> to https://datatracker.ietf.org/ipr/858/:
>
>> The U.S. Government holds U.S. Patent 6,829,355 on the "Device for and
>> method of one-way cryptographic hashing", which has been incorporated into
>> Federal Information Processing Standard (FIPS) 180-2. This patent was issued
>> on December 7, 2004. The National Security Agency has made U.S. Patent
>> 6,829,355 available royalty-free.
>
> FIPS 180-2 makes no mention of licensing aside from the fact that it's
> subject to export control.  Hope that's at least a start...
>
>
> Jonathan
>



-- 
Chris Anderson
http://jchrisa.net
http://couch.io
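
The length-sweep comparison described in the quoted message (test_sha/1 and test_sha_mac/1), sketched as an added example that is not part of the original thread or the gist. It is written in Python rather than Erlang: a pure SHA-1/HMAC-SHA1 stands in for the pure-Erlang code and hashlib/hmac stand in for the crypto library, and the names sha1, hmac_sha1, compare_sha and compare_sha_mac are assumptions made for this example.

```python
import hashlib, hmac, os, struct

def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF

def sha1(msg: bytes) -> bytes:
    """Pure SHA-1 following RFC 3174 (the implementation under test)."""
    n = len(msg)
    # Padding: 0x80, zeros up to 56 mod 64, then the bit length as 64-bit big-endian.
    msg = msg + b"\x80" + b"\x00" * ((55 - n) % 64) + struct.pack(">Q", n * 8)
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0]
    for off in range(0, len(msg), 64):
        w = list(struct.unpack(">16I", msg[off:off + 64]))
        for t in range(16, 80):
            w.append(_rotl(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1))
        a, b, c, d, e = h
        for t in range(80):
            if t < 20:
                f, k = (b & c) | (~b & d), 0x5A827999
            elif t < 40:
                f, k = b ^ c ^ d, 0x6ED9EBA1
            elif t < 60:
                f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
            else:
                f, k = b ^ c ^ d, 0xCA62C1D6
            tmp = (_rotl(a, 5) + f + e + k + w[t]) & 0xFFFFFFFF
            a, b, c, d, e = tmp, a, _rotl(b, 30), c, d
        h = [(x + y) & 0xFFFFFFFF for x, y in zip(h, (a, b, c, d, e))]
    return struct.pack(">5I", *h)

def hmac_sha1(key: bytes, msg: bytes) -> bytes:
    """HMAC over the pure sha1 above; keys longer than one block are hashed first."""
    if len(key) > 64:
        key = sha1(key)
    key = key.ljust(64, b"\x00")
    inner = sha1(bytes(b ^ 0x36 for b in key) + msg)
    return sha1(bytes(b ^ 0x5C for b in key) + inner)

def compare_sha(n: int):
    """Random messages of length n, n-1, ..., 0; 'ok' or the first failing length."""
    for length in range(n, -1, -1):
        msg = os.urandom(length)  # constructed random input
        if sha1(msg) != hashlib.sha1(msg).digest():
            return ("mismatch", length)
    return "ok"

def compare_sha_mac(n: int):
    """Same sweep for HMAC, with a random key of the same length as the message."""
    for length in range(n, -1, -1):
        key, msg = os.urandom(length), os.urandom(length)
        if hmac_sha1(key, msg) != hmac.new(key, msg, hashlib.sha1).digest():
            return ("mismatch", length)
    return "ok"
```

Starting the sweep above 128 bytes crosses the 55/56-byte padding boundary and the 64-byte block boundary, and exercises the HMAC rule for keys longer than one block.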
