On Fri, Jan 20, 2017 at 4:19 PM, Dirk-Willem van Gulik <di...@webweaving.org> wrote: > > Ok so if we had a special #ifdef for 'TRUE_MD5 and would manually tweak/mark > up the 2 or 3 places > that we know we need a real MD5 - we could have a 'fiddle' mode where we > silently return a better 'md5' > in the places where we would like to use a SHA256 but it is just too much > hassle to adjust things.
MD5 *is* MD5, preferably used (and not recommended) for non-cryptographic purpose, but still I think apr_md5()'s result shouldn't differ from whatelse_md5()'s. We can't break users silently, if they use MD5, well they have it. Regards, Yann.
