On Fri, Jan 20, 2017 at 10:52 AM, Yann Ylavic <ylavic....@gmail.com> wrote: > On Fri, Jan 20, 2017 at 4:19 PM, Dirk-Willem van Gulik > <di...@webweaving.org> wrote: >> >> Ok so if we had a special #ifdef for 'TRUE_MD5 and would manually tweak/mark >> up the 2 or 3 places >> that we know we need a real MD5 - we could have a 'fiddle' mode where we >> silently return a better 'md5' >> in the places where we would like to use a SHA256 but it is just too much >> hassle to adjust things. > > MD5 *is* MD5, preferably used (and not recommended) for > non-cryptographic purpose, but still I think apr_md5()'s result > shouldn't differ from whatelse_md5()'s. > > We can't break users silently, if they use MD5, well they have it.
+1
