On Sun, Jun 03, 2001 at 02:16:48PM -0400, Cliff Woolley wrote: > On Sun, 3 Jun 2001, Sander Striker wrote: > > > Maybe a bit off topic, but are there still legal issues with > > DES implementations? I mean, if someone submitted a patch > > would it be possible to include des in apr-util/crypto, or > > would this be problematic. DES is still in use in a variety > > of things, so providing the functionality wouldn't be that > > strange I think. > > Legal issues aside, my only worry is that we seem to be duplicating more > and more of the effort of the OpenSSL team...
I don't think there are legal issues, but crypt() is widely available. I really don't think it should be in APRUTIL. As I said before: on platforms where crypt() might /not/ be available, applications should just use SHA1 or MD5 hashing instead of DES. And yes, I realize that legacy apps may need crypt() on those poor platforms; but that is such a minority, that I'd rather not see it in APR. We have the APR_HAS_* macros for a reason. In this case, APR_HAS_CRYPT would be zero. Cheers, -g -- Greg Stein, http://www.lyra.org/
