On 01/20/2017 05:01 PM, Eric Covener wrote: > On Fri, Jan 20, 2017 at 10:52 AM, Yann Ylavic <ylavic....@gmail.com> wrote: >> On Fri, Jan 20, 2017 at 4:19 PM, Dirk-Willem van Gulik >> <di...@webweaving.org> wrote: >>> >>> Ok so if we had a special #ifdef for 'TRUE_MD5 and would manually >>> tweak/mark up the 2 or 3 places >>> that we know we need a real MD5 - we could have a 'fiddle' mode where we >>> silently return a better 'md5' >>> in the places where we would like to use a SHA256 but it is just too much >>> hassle to adjust things. >> >> MD5 *is* MD5, preferably used (and not recommended) for >> non-cryptographic purpose, but still I think apr_md5()'s result >> shouldn't differ from whatelse_md5()'s. >> >> We can't break users silently, if they use MD5, well they have it. > > +1 >
+1 Regards RĂ¼diger
