Darren J Moffat wrote:
> Garrett D'Amore wrote:
>>> If I don't hear any objections by the end of the week I'll go ahead
>>> and file an ARC case for this and integrate it.
>>>
>>> Webrev for codereview is available here:
>>>
>>> http://cr.grommit.com/~darrenm/6354305
>>>
>>
>> I don't see sys/md4.h in your review. Is that intentional? (It is
>> included by libmd/md4.h now)
>
> Not intentional.
>
> What used to be $SRC/libmd/common/md4.h "moves" to
> $SRC/uts/common/sys/md4.h (same place as md5.h etc). I couldn't do
> this as a rename because I still needed an md4.h in the original place.
>
> I just forgot to do a 'wx create' of the "moved" original md4.h in its
> new location.
>
> I've done that now and pushed an updated webrev.
>
>> Apart from that, everything else looks good to me.
>
> Thanks for the review.
>
> So no objection to providing this algorithm via kcf then?

No. I would encourage adding a comment to the header file citing security considerations, recommending new users avoid MD4 if possible and use SHA2 or something else instead. Perhaps something like this:

/*
 * SECURITY NOTE:
 *
 * This implementation of MD4 is provided for compatibility with legacy applications that require
 * this algorithm. Security experts advise against the use of MD4 in new applications. Use of
 * one of the SHA 2 variants may provide stronger security for new applications.
 */

--
Garrett D'Amore, Principal Software Engineer
Tadpole Computer / Computing Technologies Division,
General Dynamics C4 Systems
http://www.tadpolecomputer.com/
Phone: 951 325-2134 Fax: 951 325-2191