cvs commit: src/lib/libmd Makefile sha256.3 sha256.h sha256c.c shadriver.c src/sbin/md5 Makefile md5.c

Pawel Jakub Dawidek pjd at FreeBSD.org
Wed Mar 9 13:01:15 PST 2005 

On Wed, Mar 09, 2005 at 12:33:24PM -0800, Colin Percival wrote:
+> Richard Coleman wrote:
+> > Colin Percival wrote:
+> >> As far as I could tell, we didn't have sha256 in the tree until I added
+> >> it.  As for md5 and sha1, it's useful to have a minimalist libmd for
+> >> applications which don't require the bloated monst^W^W^W OpenSSL, and
+> >> these are small enough that a bit of duplication really doesn't matter.
+> > 
+> > There are versions of sha256, sha384, and sha512 in sys/crypto/sha2.
+> 
+> *sigh*
+> 
+> Oh well, I think my version is cleaner anyway... :-)
+> 
+> > Just a random thought.  But I'm glad to see sha256 added to libmd
+> > anyways.  It may be useful to add sha384 and sha512 as well.
+> 
+> I considered that, but decided that since those hashes are designed
+> for 64 bit processors, they would be more trouble than they're worth.
+> 
+> My personal feeling is that sha(384|512) are overkill on the side of
+> hash length and probably underkill on the side of design (considering
+> that they have the same basic design which has been repeatedly shown
+> to be vulnerable to the Chinese attack) anyway -- we really need an
+> AES-like process for selecting a new hash standard.

Colin, with all due respect. I don't think your personal feeling should be
the reason to not support sha(384|512). Even for consistency we should
support them all (people do use them).
AFAIR, NIST has made those to work well with AES 192- and 256-bits keys.
We support those key lengths, so why don't support SHA-(384|512)?

I also read (didn't check this by myself), that SHA-256 calculations
takes much longer that SHA-1 and are comparable to AES.
We even support SHA-1 in hardware (not to mention AES).

If you think your version is cleaner/better that the one from sys/, maybe
it should be reviewed and sys/ version replaced, but we should not duplicate
crypto code.

-- 
Pawel Jakub Dawidek                       http://www.wheel.pl
pjd at FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/cvs-src/attachments/20050309/bf9d1c79/attachment.bin

More information about the cvs-src mailing list