[jira] Commented: (COUCHDB-625) Pure Erlang alternative to crypto library

[Chris Anderson (JIRA)]

    [ 
https://issues.apache.org/jira/browse/COUCHDB-625?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12802388#action_12802388
 ] 

Chris Anderson commented on COUCHDB-625:
----------------------------------------

Thanks for the links. If you are interested in sharing the new version, I'm 
interested in pursing the licensing questions.

I'm not sure about the performance. I know it would be slower, but so much 
slower that it would matter for a single user running an app on an embedded 
device?

The idea of making a C-based port version of it seems redundant to me: isn't 
that already basically what the stdlib crypto app does?

The appeal of pure-Erlang crypto is that we can fall back on it in places where 
it's hard to build native code.

Do others think this is worth pursing or are we just setting a bunch of GameBoy 
users up for UUID collisions in the year 2050?


> Pure Erlang alternative to crypto library
> -----------------------------------------
>
>                 Key: COUCHDB-625
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-625
>             Project: CouchDB
>          Issue Type: Improvement
>          Components: Infrastructure
>            Reporter: Jonathan D. Knezek
>            Assignee: Chris Anderson
>            Priority: Minor
>         Attachments: ccrypto.erl
>
>
> On some platforms (in my case a SheevaPlug running on armv5te) it may be 
> difficult or impossible to obtain a version of Erlang built with support for 
> the crypto standard library.  I grepped the CouchDB source and have attempted 
> to reproduce the used crypto calls in pure Erlang.
> I have reproduced the start/0, rand_uniform/2, rand_bytes/1, sha/1, and 
> sha_mac/2 functions, along with test_sha/1 and test_sha_mac/1 functions to 
> validate the pure Erlang results against the crypto library's results.  The 
> public non-test functions attempt to first call into crypto if available, as 
> it is the preferred implementation.
> As I'm not familiar with the build system, app system, etc. of Erlang I am 
> only attaching the library implementation.  I'm sure more work would be 
> required to fully integrate it into CouchDB if accepted.
> As far as licensing goes, SHA1 is defined in NIST FIPS 180-2 
> (http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf), and 
> according to the IETF, the patent covering the algorithm has been made 
> royalty-free (https://datatracker.ietf.org/ipr/858).

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.