From: Pawel Jakub Dawidek
To: Colin Percival
Cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org, Richard Coleman, cvs-all@FreeBSD.org
Date: Wed, 9 Mar 2005 22:01:13 +0100
Subject: Re: cvs commit: src/lib/libmd Makefile sha256.3 sha256.h sha256c.c shadriver.c src/sbin/md5 Makefile md5.c

On Wed, Mar 09, 2005 at 12:33:24PM -0800, Colin Percival wrote:
+> Richard Coleman wrote:
+> > Colin Percival wrote:
+> >> As far as I could tell, we didn't have sha256 in the tree until I added
+> >> it. As for md5 and sha1, it's useful to have a minimalist libmd for
+> >> applications which don't require the bloated monst^W^W^W OpenSSL, and
+> >> these are small enough that a bit of duplication really doesn't matter.
+> >
+> > There are versions of sha256, sha384, and sha512 in sys/crypto/sha2.
+>
+> *sigh*
+>
+> Oh well, I think my version is cleaner anyway... :-)
+>
+> > Just a random thought. But I'm glad to see sha256 added to libmd
+> > anyways. It may be useful to add sha384 and sha512 as well.
+>
+> I considered that, but decided that since those hashes are designed
+> for 64 bit processors, they would be more trouble than they're worth.
+>
+> My personal feeling is that sha(384|512) are overkill on the side of
+> hash length and probably underkill on the side of design (considering
+> that they have the same basic design which has been repeatedly shown
+> to be vulnerable to the Chinese attack) anyway -- we really need an
+> AES-like process for selecting a new hash standard.

Colin, with all due respect. I don't think your personal feeling should
be the reason to not support sha(384|512).
Even for consistency we should support them all (people do use them).

AFAIR, NIST has made those to work well with AES 192- and 256-bit keys.
We support those key lengths, so why not support SHA-(384|512)?

I also read (didn't check this myself) that SHA-256 calculations take
much longer than SHA-1 and are comparable to AES.
We even support SHA-1 in hardware (not to mention AES).

If you think your version is cleaner/better than the one from sys/, maybe
it should be reviewed and sys/ version replaced, but we should not duplicate
crypto code.

-- 
Pawel Jakub Dawidek                       http://www.wheel.pl
pjd@FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!