Hi,
Evan Carew wrote re: MD4:
> Because if it is bundled into a standard package such as this you can
> ship source or executable code designed to link to it that will do
> things like crack open NT boxes that still use it. Recently, while at
> a major bank in the US Midwest, I had occasion to need a way to get
> into an NT domain as the administrator to fix some problems the
> certified MS Winsowz weenies had gotten themselves into.
[...]
It sounds like you're talking about using MD4 as part of something
else, not as part of SSL or TLS. I see OpenSSL as an SSL/TLS
library, not as a generic crypto library or a general purpose
library. (There's no shortage of free libraries in those latter
categories.) Putting stuff into OpenSSL that no-one's gonna use for
doing SSL/TLS stuff strikes me as wasteful. Sure, it's possible to
toss in everything but the kitchen sink, but do we really need to
reinvent PERL?
If there's a rumor of somebody somewhere running SSL or TLS with
some funky MD4-based ciphersuite, then that's a different story.
Speaking at most for myself
-Lewis
Lewis McCarthy [EMAIL PROTECTED] 1-650-694-6813
Software Engineer Critical Path Inc. L.A.S.E.R.
See how thought travels at http://www.criticalpath.net
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
