On Jan 3, 2007, at 4:30 PM, William A. Rowe, Jr. wrote:
MD4 was DOA when APR was created.
Only for cryptography. There is nothing wrong with its use as a hash.
Rsync still uses it.
Can we please introduce SHA-2 and drop MD4 entirely in APR release
2.0.0?
If configuring for a FIPS ssl environment, we will also have to
stub out MD5
entirely since it too is a prohibited algorithm. But it's common
enough
still today that I'm not in favor of dropping it from APR. There
are just
too many MD5 hashes our users still need to calculate.
FIPS does not regulate what algorithms are implemented. It might
regulate what algorithms are used for security-related purposes, but
that is not relevant to APR.
....Roy
