This is the mail archive of the libc-hacker@sourceware.cygnus.com mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]

Re: glibc 2.0.103

To: smurf@noris.de
Subject: Re: glibc 2.0.103
From: Geoff Keating <geoffk@ozemail.com.au>
Date: Fri, 27 Nov 1998 12:17:07 +1100
CC: libc-hacker@gnu.org
References: <r2ww4pye1g.fsf@happy.cygnus.com> <911617681.7117@noris.de> <73iugd$aj7$1@work2.noris.de>

> From: smurf@noris.de (Matthias Urlichs)
> Newsgroups: dist.glibc
> Date: 	26 Nov 1998 08:03:41 +0100

>   drepper@cygnus.com (Ulrich Drepper) writes:
> > 	glibc-2.0.103.tar.gz
> > As usual, let me know about success and failures.
> > 
> I wonder why glibc does not export its MD5 code.

Because those programs that need it have their own implementations,
and because MD5 should not be used in new designs according to its
author (try SHA instead).

Also, your patch needs to make the md5 functions weak, and add new
versions with underscores which -lcrypt can use.

If we really wanted to do this sort of thing, we should implement a
proper security library, probably including GSS-API---this would be
good for Secure RPC, since it's not really `secure' at present.  At
present, all the cryptographic interfaces provided by glibc are only
provided for historical or compatibility reasons, except for crypt()
using MD5.

There are already a lot of security libraries available, though.

-- 
Geoffrey Keating <geoffk@ozemail.com.au>

Follow-Ups:
- Re: glibc 2.0.103
  - From: "Matthias Urlichs" <smurf@noris.de>

References:
- glibc 2.0.103
  - From: Ulrich Drepper <drepper@cygnus.com>
- Re: glibc 2.0.103
  - From: smurf@noris.de (Matthias Urlichs)
- Re: glibc 2.0.103
  - From: smurf@noris.de (Matthias Urlichs)

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]