On Sun, Jan 17, 2010 at 4:08 PM, Chris Anderson <[email protected]> wrote:
> On Sun, Jan 17, 2010 at 1:17 PM, Jonathan <[email protected]> wrote: > > I've created a pure-Erlang copy of this API (that attempts to fallback to > > the crypto library if possible) at http://gist.github.com/279085. The > > random stream isn't cryptographically secure of course, but it should > work > > I'm +1 on this. The complications are (a) making sure the licensing is > done correctly. (b) > making sure the sha etc are compatible, so passwords work across > implementations. > I've updated the gist to include (along with fixes thanks to said testing) the test_sha/1 and test_sha_mac/1 functions, which will test random messages (and keys if applicable) of length N, N - 1, ..., 0 and compare the pure Erlang output with the crypto library output. If you get 'ok' all is well. As for the licensing, I'm definitely not a lawyer. For what it's worth, the reference implementation was published in RFC 3174, which in turn draws mostly from NIST FIPS 180-1, which was superseded by FIPS 180-2. According to https://datatracker.ietf.org/ipr/858/: > * > > The U.S. Government holds U.S. Patent 6,829,355 on the "Device for and > method of > one-way cryptographic hashing", which has been incorporated into Federal > Information Processing Standard (FIPS) 180-2. This patent was issued on > December 7, 2004. The National Security Agency has made U.S. Patent > 6,829,355 > available royalty-free. > * FIPS 180-2 makes no mention of licensing aside from the fact that it's subject to export control. Hope that's at least a start... Jonathan
