Hi, Take a look at: <https://svn.eu.apache.org/repos/asf/apr/apr/trunk/crypto/apr_md5.c>
The function apr_md5_encode specifically. The function does: 1) compute the md5 of some random things, with the comment Time to make the doughnuts..'. 2) compute the md5 of the salt+password 3) write md5 from #2 into buffer. 4) memset the md5 buffer 'Don't leave anything around in vm they could use.' 5) 'Then something really weird...' 6) start copying some strings... 7) a for loop of 1 to 1000, md5 inits and various operations on the md5 context, with a comment ' On a 60 Mhz Pentium this takes 34 msec,' Can we delete all of the crap in there, and just go with a straight up function that does the md5 of the salt + password? I dislike md5 as much as the next guy, but this does almost nothing but make apr_md5_encode slower. or is all this obfuscation worth it still? Thanks, Paul
