Thanks Jonathan, I'm a big +1 on this now. Can you file a ticket in Jira for it? All patches currently go through Jira for the ASF.
http://issues.apache.org/jira/browse/COUCHDB Chris On Sun, Jan 17, 2010 at 5:06 PM, Jonathan <[email protected]> wrote: > On Sun, Jan 17, 2010 at 4:08 PM, Chris Anderson <[email protected]> wrote: > >> On Sun, Jan 17, 2010 at 1:17 PM, Jonathan <[email protected]> wrote: >> > I've created a pure-Erlang copy of this API (that attempts to fallback to >> > the crypto library if possible) at http://gist.github.com/279085. The >> > random stream isn't cryptographically secure of course, but it should >> work >> >> I'm +1 on this. The complications are (a) making sure the licensing is >> done correctly. (b) >> making sure the sha etc are compatible, so passwords work across >> implementations. >> > > I've updated the gist to include (along with fixes thanks to said testing) > the test_sha/1 and test_sha_mac/1 functions, which will test random messages > (and keys if applicable) of length N, N - 1, ..., 0 and compare the pure > Erlang output with the crypto library output. If you get 'ok' all is well. > > As for the licensing, I'm definitely not a lawyer. For what it's worth, the > reference implementation was published in RFC 3174, which in turn draws > mostly from NIST FIPS 180-1, which was superseded by FIPS 180-2. According > to https://datatracker.ietf.org/ipr/858/: > >> * >> >> The U.S. Government holds U.S. Patent 6,829,355 on the "Device for and >> method of >> one-way cryptographic hashing", which has been incorporated into Federal >> Information Processing Standard (FIPS) 180-2. This patent was issued on >> December 7, 2004. The National Security Agency has made U.S. Patent >> 6,829,355 >> available royalty-free. >> * > > FIPS 180-2 makes no mention of licensing aside from the fact that it's > subject to export control. Hope that's at least a start... > > > Jonathan > -- Chris Anderson http://jchrisa.net http://couch.io
