Re: [PATCH] md4 for openssl 0.9.5a

Wed, 16 Aug 2000 02:02:37 -0700 

From: Lewis McCarthy <[EMAIL PROTECTED]>

lewis.mccarthy> It sounds like you're talking about using MD4 as part
lewis.mccarthy> of something else, not as part of SSL or TLS. I see
lewis.mccarthy> OpenSSL as an SSL/TLS library, not as a generic crypto
lewis.mccarthy> library or a general purpose library.

I think many people actually see it as both SSL/TLS and generic crypto
library.  It is used as the latter in a number of projects, among
others a few SSH implementations, OpenSSH being the most well known.
And also, if you look at the DES stuff, there are parts that refer to
Kerberos, and libdes (which is part of OpenSSL in source) was what
Eric used to reimplement those parts of Kerberos (creating eBones
Kerberos), if memory serves me right.

Also, a couple of times another problem has shown up: building an
application that needs to use OpenSSL as well as another crypto
library sometimes generates problems because some names clash
(different versoin of libdes being present in each, just to take one
example).  Actually, there was an issue like that last week in the
Heimdal list (Heimdal is a Stockholm-based Kerberos5 implementation,
with Assar as one of the implementors).

MD4 is used in Heimdal.  I assume it's for backward compatibility
(possibly with Kerberos4?) or simply to follow the specs, so I assume
Assars reason to send the patch in is simply to make life easier.  I
saw no reason not to put it in, really.  Assar, care to comment on that?

-- 
Richard Levitte   \ Spannv�gen 38, II \ [EMAIL PROTECTED]
Chairman@Stacken   \ S-168 35  BROMMA  \ T: +46-8-26 52 47
Redakteur@Stacken   \      SWEDEN       \ or +46-709-50 36 10
Procurator Odiosus Ex Infernis                -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Software Engineer, Celo Communications: http://www.celocom.com/

Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to