[PATCH] libmd: Use alternative MD5 implementation

Cynthia Rempel cynt6007 at vandals.uidaho.edu
Mon Dec 17 04:20:32 UTC 2012


Hi Sebastian and Ralf,

I don't really have an opinion, but for what it's worth md5 isn't considered secure...
http://en.wikipedia.org/wiki/MD5#Security
http://www.openssl.org/docs/crypto/md5.html

Although many legacy applications do require it for compatibility...
Thanks

________________________________________
From: rtems-devel-bounces at rtems.org [rtems-devel-bounces at rtems.org] on behalf of Ralf Corsepius [ralf.corsepius at rtems.org]
Sent: Sunday, December 16, 2012 8:06 PM
To: Sebastian Huber
Cc: rtems-devel at rtems.org
Subject: Re: [PATCH] libmd: Use alternative MD5 implementation

On 12/16/2012 06:09 PM, Sebastian Huber wrote:
> This implementation has less license restrictions.

The issue with md5 is not licenses, it's security and portability.

That said, your proposal to me qualifies as replacing a widely used and
heavily tested version with one from the zoo of exotic versions that are
floating around.

That said, unless you can provide evidence of the version you are
proposing has a history of being used for many years in major OSes or
applications, I am very opposed to letting this code in.

Ralf


_______________________________________________
rtems-devel mailing list
rtems-devel at rtems.org
http://www.rtems.org/mailman/listinfo/rtems-devel






More information about the devel mailing list