boost md5 implementation?

Greetings boost-land,
We've been looking around for an implementation of the MD5 (http://en.wikipedia.org/wiki/MD5) hash algorithm and came across a boost-oriented implementation by Stanislav Baranov:
http://www.garret.ru/~baranov/boost_md5/lib/md5/md5.html
Does anyone know if this was ever formally reviewed for inclusion in boost, or if there are other proposals or plans for message digest algorithms as part of boost?
Thanks in advance,
Nigel Stewart

Nigel Stewart wrote:
Greetings boost-land,
We've been looking around for an implementation of the MD5 (http://en.wikipedia.org/wiki/MD5) hash algorithm and came across a boost-oriented implementation by Stanislav Baranov:
http://www.garret.ru/~baranov/boost_md5/lib/md5/md5.html
Does anyone know if this was ever formally reviewed for inclusion in boost, or if there are other proposals or plans for message digest algorithms as part of boost?
I don't recall any proposal for that. While I'd like to see support for MD5 and related algorithms in Boost, I don't think this implementation has an acceptable license (because of the RSA clause). Regards, m

On Fri, 09 Dec 2005 16:52:18 +0100 Martin Wille <mw8329@yahoo.com.au> wrote:
I don't recall any proposal for that. While I'd like to see support for MD5 and related algorithms in Boost, I don't think this implementation has an acceptable license (because of the RSA clause).
I worked on an independent implementation a while back, for my own use. If there is interest, I can find the code and toss it in the vault.

On Fri, 9 Dec 2005 11:09:30 -0500 Jody Hagins <jody-boost-011304@atdesk.com> wrote:
I worked on an independent implementation a while back, for my own use. If there is interest, I can find the code and toss it in the vault.
It should be noted, however, that MD5 is not recommended for many applications, especially since the vulnerabilities of the past two years have been brought to light. See http://en.wikipedia.org/wiki/MD5 for base information and more links.

I'm all for a boost MD5 implementation, but if we're talking hashes there should also be at least one that doesn't have any known collisions. On 12/9/05, Jody Hagins <jody-boost-011304@atdesk.com> wrote:
On Fri, 09 Dec 2005 16:52:18 +0100 Martin Wille <mw8329@yahoo.com.au> wrote:
I don't recall any proposal for that. While I'd like to see support for MD5 and related algorithms in Boost, I don't think this implementation has an acceptable license (because of the RSA clause).
I worked on an independent implementation a while back, for my own use. If there is interest, I can find the code and toss it in the vault.
-- Cory Nelson http://www.int64.org

At 8:48 AM -0800 12/9/05, Cory Nelson wrote:
I'm all for a boost MD5 implementation, but if we're talking hashes there should also be at least one that doesn't have any known collisions.
On 12/9/05, Jody Hagins <jody-boost-011304@atdesk.com> wrote:
On Fri, 09 Dec 2005 16:52:18 +0100 Martin Wille <mw8329@yahoo.com.au> wrote:
I don't recall any proposal for that. While I'd like to see support for MD5 and related algorithms in Boost, I don't think this implementation has an acceptable license (because of the RSA clause).
When I need crypto algorithms, I use Crypto++, a fine, open source, C++ library of cryptographic primitives. ;-) [ Which, unsurprisingly, includes several digest implementations, including MD5 ] Project page: <http://www.eskimo.com/~weidai/cryptlib.html> -- -- Marshall Marshall Clow Idio Software <mailto:marshall@idio.com> It is by caffeine alone I set my mind in motion. It is by the beans of Java that thoughts acquire speed, the hands acquire shaking, the shaking becomes a warning. It is by caffeine alone I set my mind in motion.

When I need crypto algorithms, I use Crypto++, a fine, open source, C++ library of cryptographic primitives. ;-) [ Which, unsurprisingly, includes several digest implementations, including MD5 ]
Project page: <http://www.eskimo.com/~weidai/cryptlib.html>
Thanks for the link, looks like a good resource for crypto applications. In our case, we just want to hash strings to detect changes or errors, and a bit shy of exporting "true crypto" compiled/linked into our application from the USA to solve a non-crypto problem.
std::string boost::md5(const std::string &) const
Nigel
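As an added example (not code from any participant in this thread or from the libraries they mention): a self-contained MD5 written from the RFC 1321 specification and exposed through a string-in, hex-string-out function in the shape of the signature sketched above. The name `md5_hex` is an assumption; it fits the non-adversarial change and error detection described here, since the thread notes MD5 has known collisions.

```cpp
#include <cmath>
#include <cstdint>
#include <cstdio>
#include <string>

// Added example: MD5 from the RFC 1321 description; returns 32 lowercase hex characters.
std::string md5_hex(const std::string& msg) {
    static const int S[16] = {7, 12, 17, 22, 5, 9, 14, 20, 4, 11, 16, 23, 6, 10, 15, 21};
    uint32_t K[64];  // K[i] = floor(2^32 * |sin(i + 1)|), as defined in the RFC
    for (int i = 0; i < 64; ++i)
        K[i] = static_cast<uint32_t>(std::fabs(std::sin(i + 1.0)) * 4294967296.0);
    // Padding: 0x80, zeros up to 56 mod 64, then the bit length as 64-bit little-endian.
    std::string m = msg;
    m.push_back(static_cast<char>(0x80));
    while (m.size() % 64 != 56) m.push_back('\0');
    const uint64_t bits = static_cast<uint64_t>(msg.size()) * 8;
    for (int i = 0; i < 8; ++i) m.push_back(static_cast<char>((bits >> (8 * i)) & 0xff));
    uint32_t h[4] = {0x67452301u, 0xefcdab89u, 0x98badcfeu, 0x10325476u};
    for (std::size_t off = 0; off < m.size(); off += 64) {
        uint32_t w[16];
        for (int i = 0; i < 16; ++i) {  // decode sixteen little-endian 32-bit words
            w[i] = 0;
            for (int j = 3; j >= 0; --j)
                w[i] = (w[i] << 8) | static_cast<unsigned char>(m[off + 4 * i + j]);
        }
        uint32_t a = h[0], b = h[1], c = h[2], d = h[3];
        for (int i = 0; i < 64; ++i) {
            uint32_t f; int g;
            if (i < 16)      { f = (b & c) | (~b & d); g = i; }
            else if (i < 32) { f = (d & b) | (~d & c); g = (5 * i + 1) % 16; }
            else if (i < 48) { f = b ^ c ^ d;          g = (3 * i + 5) % 16; }
            else             { f = c ^ (b | ~d);       g = (7 * i) % 16; }
            f += a + K[i] + w[g];
            const int s = S[(i / 16) * 4 + i % 4];  // per-round rotation amount
            a = d; d = c; c = b;
            b += (f << s) | (f >> (32 - s));
        }
        h[0] += a; h[1] += b; h[2] += c; h[3] += d;
    }
    std::string out;
    char buf[3];
    for (int i = 0; i < 16; ++i) {  // digest bytes are the state words, little-endian
        std::snprintf(buf, sizeof buf, "%02x", (h[i / 4] >> (8 * (i % 4))) & 0xffu);
        out += buf;
    }
    return out;
}

int main() { std::printf("%s\n", md5_hex("abc").c_str()); }
```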

Jody Hagins <jody-boost-011304@atdesk.com> wrote:
On Fri, 09 Dec 2005 16:52:18 +0100 Martin Wille <mw8329@yahoo.com.au> wrote:
I don't recall any proposal for that. While I'd like to see support for MD5 and related algorithms in Boost, I don't think this implementation has an acceptable license (because of the RSA clause).
I worked on an independent implementation a while back, for my own use. If there is interest, I can find the code and toss it in the vault.
It might be preferable to just use Botan http://botan.randombit.net/ It has a number of crypto algorithms, and optimizing these things is quite hard. However, I don't know that the author would be interested in being assimilated by the boost collective. Cheers, Walter

On Fri, Dec 09, 2005 at 09:36:41AM -0800, Walter Landry wrote:
Jody Hagins <jody-boost-011304@atdesk.com> wrote:
On Fri, 09 Dec 2005 16:52:18 +0100 Martin Wille <mw8329@yahoo.com.au> wrote:
I don't recall any proposal for that. While I'd like to see support for MD5 and related algorithms in Boost, I don't think this implementation has an acceptable license (because of the RSA clause).
I worked on an independent implementation a while back, for my own use. If there is interest, I can find the code and toss it in the vault.
It might be preferable to just use Botan
It has a number of crypto algorithms, and optimizing these things is quite hard. However, I don't know that the author would be interested in being assimilated by the boost collective.
To be honest, I would say neither Crypto++ nor Botan is particularly well suited for being adopted by Boost; either would have to undergo substantial changes to merge in with the general Boost style, and both have existing users who would probably be unhappy with that.
While it is simple enough to code a few hashes (and certainly they have many applications across a wide field of work, so it might make sense to do that), I would suggest thinking hard about it before going down a Boost.Crypto path; first you need ciphers, then you need PRNGs to generate keys, then entropy sources to seed the PRNG, then public key code, then ASN.1, then certs, then OCSP and CRLs, and so on... it seems to be the case that you can either give a user a few primitives and let them shoot themselves in the foot, or give them a fairly complete package and have at least some hope that you're not just making it simpler for them to shoot themselves.
There is a body of case history on this (Peter Gutmann, in particular, has done several good papers on the topic); in my own experience reviewing applications that use crypto (open source and commercial), I would say the most common crypto flaw is almost certainly misusing a good implementation of a good algorithm in such a way that catastrophic problems result. This is much more likely to occur if you just give the user some bare-metal crypto primitives.
Not that there is anything wrong with a Boost.Crypto - I certainly wouldn't mind such a project, in the sense that I could then copy all the good ideas from it into Botan. :) I just wanted to offer some (entirely subjective and biased) datapoints for purposes of discussion.
/back to lurking
-Jack

Jody Hagins wrote:
On Fri, 09 Dec 2005 16:52:18 +0100 Martin Wille <mw8329@yahoo.com.au> wrote:
I don't recall any proposal for that. While I'd like to see support for MD5 and related algorithms in Boost, I don't think this implementation has an acceptable license (because of the RSA clause).
I worked on an independent implementation a while back, for my own use. If there is interest, I can find the code and toss it in the vault.
I'd toss in some generic PKCS #5 stuff I have around here, if we're talking Boost.Crypto. :-) -- Pedro Lamarão Desenvolvimento Intersix Technologies S.A. SP: (55 11 3803-9300) RJ: (55 21 3852-3240) www.intersix.com.br Your Security is our Business

On 12/9/05, Pedro Lamarão <pedro.lamarao@intersix.com.br> wrote:
Jody Hagins wrote:
On Fri, 09 Dec 2005 16:52:18 +0100 Martin Wille <mw8329@yahoo.com.au> wrote:
I don't recall any proposal for that. While I'd like to see support for MD5 and related algorithms in Boost, I don't think this implementation has an acceptable license (because of the RSA clause).
The Adobe Source Libraries have SHA implementations that may be of some use. They're based on Boost already, and are released under the OSI-approved MIT License. Blessings, Foster -- Foster T. Brereton - Computer Scientist Software Technology Lab, Adobe Systems Incorporated fbrereto@adobe.com -- http://opensource.adobe.com

On 12/9/05, Foster Brereton <fosterb.boost@gmail.com> wrote:
On 12/9/05, Pedro Lamarão <pedro.lamarao@intersix.com.br> wrote:
Jody Hagins wrote:
On Fri, 09 Dec 2005 16:52:18 +0100 Martin Wille <mw8329@yahoo.com.au> wrote:
I don't recall any proposal for that. While I'd like to see support for MD5 and related algorithms in Boost, I don't think this implementation has an acceptable license (because of the RSA clause).
The Adobe Source Libraries have SHA implementations that may be of some use. They're based on Boost already, and are released under the OSI-approved MIT License.
Blessings, Foster
To expand a bit on what I had said earlier, ASL has an MD5 implementation: http://opensource.adobe.com/classadobe_1_1md5__t.html as well as SHA-1, -224, -256, -384, and -512 implementations: http://opensource.adobe.com/group__adobe__sha.html The MD5 implementation is based on the RSA version of MD5. All our license information can be found here: http://opensource.adobe.com/licenses.html Another piece of technology we wrote for this arena is a ZUID, which is a UUID-like structure that contains no personal information in it (like a MAC or IP address). Details on the ZUID and how (and why) it differs from a UUID can be found at: http://opensource.adobe.com/classadobe_1_1zuid__t.html We have no issues with any of our work being included in Boost. -- Foster T. Brereton - Computer Scientist Software Technology Lab, Adobe Systems Incorporated fbrereto@adobe.com -- http://opensource.adobe.com
participants (9): Cory Nelson, Foster Brereton, Jack Lloyd, Jody Hagins, Marshall Clow, Martin Wille, Nigel Stewart, Pedro Lamarão, Walter Landry