[illumos-Developer] RFE : replace digest with schily mdigest
Garrett D'Amore
garrett at damore.org
Wed Nov 10 09:14:17 PST 2010
On Wed, 2010-11-10 at 12:06 -0500, Dennis Clarke wrote:
> I tend to use sha256 hash data in most things inside Blastwave. The old
> MD5 hash process has long since been cracked and it is already a ( nearly
> ) deterministic process to create two files with the same MD5 hash where
> the files even have similar size. NIST is clear on the secure hash
> algorithms to implement :
>
>
> http://csrc.nist.gov/groups/ST/toolkit/secure_hashing.html
>
> Approved Algorithms
>
> There are five (5) Approved algorithms for generating a
> condensed representation of a message (message digest):
> SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512.
>
>
> However the digest binary in OpenSolaris was built with libs and such that
> are closed as well as, even worse, non-portable assembly language bits.
Uh, what are you talking about?
digest and its libraries are totally open source. There may be some
non-portable assembler in there, but there is also portable C for these
algorithms. Perhaps you just don't know where to look?
At one point there was a dependency upon a closed source kcfd (daemon),
but I've long since replaced that in illumos with open source kernel
code.
One thing is that the digest command uses the PKCS11 libraries, and this
will then make use of advanced cryptographic acceleration features when
they are available (including hardware acceleration).
I'm most definitely *not* interested in replacing this perfectly sound
open source implementation with another community implementation.
- Garrett
More information about the Developer
mailing list