[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[Fwd: [Fwd: MD5 passwords] (fwd)]



So this got posted to the psst (lsh mailing list). Perhaps someone could
look at using this?

I suspect it might help with the backward comapatibility issues.

Cheers

Andrew
--- Begin Message ---
Wojtek Pilorz <wpilorz@bdk.pl> writes:

> I am forwarding two messages from pam-list regarding MD5 problems;
> Here is the first one ...

Thanks for looking into this. I hope this means that PAM will be fixed
soon.

> Some time ago I used MD5 code in a PAM client agent (was in libpam_client)
> with the necessary endianess checks.  But as far as I remember the checks
> weren't cross-compile safe.

In my opinion, trying do do proper endian-dependent hacks is probably
a waste of time. The bulk of processing in md5 is inside the
compression function, and the time needed to convert data from bytes
to ints on input and output should be more or less negligible. Same
thing applies to most crypto-related functions.

It's easier to use portable endian-independent conversion code.
That's how it's done in the code I use in lsh,
http://www.lysator.liu.se/~nisse/lsh/src/symmetric/md5.c. 

Keep it simple. Don't optimize too early.

Regards,
/Niels


--- End Message ---

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []