[ https://issues.apache.org/jira/browse/CODEC-133?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13258283#comment-13258283 ]

Christian Hammers commented on CODEC-133:
-----------------------------------------

Hello

Both licenses are essentially PUBLIC DOMAIN license statements (although Poul's 
is funnier than mine).

Having them in the Apache project next to the Apache License means "the 
original authors did not care what happened to their intellectual property so we, 
the Apache Group, took it and re-licensed it under a much stricter Apache 
License".

You should definitely retain the FreeBSD cvsweb URL and, better, the quote from 
Poul, as the FreeBSD project did the same as you are doing now: they took the 
PUBLIC DOMAIN code and re-licensed it some years later to the FreeBSD license, 
which means that we would have problems if I took a recent version of crypt-md5.c. 
But as we can prove that it was once released under PUBLIC DOMAIN in 1999, it's 
OK to use that old version as base for our Java conversion.

I'd be glad if my PUBLIC DOMAIN statement could be retained as well, as it 
basically means that everybody who finds this Java snippet can use it for 
whatever he wants. Further modifications will then be subject to the Apache 
License if you put it on top of the file (-> same situation as the mentioned 
FreeBSD code).
But if you see problems with that, you may remove my license, as the Apache 
License is reasonably free, too.

bye,

-christian-
                
> Please add a function for the MD5/SHA1/SHA-512 based Unix crypt(3) hash 
> variants
> --------------------------------------------------------------------------------
>
>                 Key: CODEC-133
>                 URL: https://issues.apache.org/jira/browse/CODEC-133
>             Project: Commons Codec
>          Issue Type: New Feature
>    Affects Versions: 1.6
>            Reporter: Christian Hammers
>              Labels: MD5, SHA-512, crypt(3), crypto, hash
>         Attachments: commons-codec-crypt3.diff, 
> crypt3-with-utexas-licence.diff
>
>
> The Linux libc6 crypt(3) function, which is used to generate e.g. the 
> password hashes in /etc/shadow, is available in nearly all other programming 
> languages (Perl, PHP, Python, C, C++, ...) and databases like MySQL and 
> offers MD5/SHA1/SHA-512 based algorithms that were improved by adding a salt 
> and several iterations to make rainbow table attacks harder. Thus they are 
> widely used to store user passwords.
> Java, though, has, due to its platform independence, no direct access to the 
> libc functions and still lacks a proper port of the crypt(3) function.
> I already filed a wishlist bug (CODEC-104) for the traditional 56-bit DES 
> based crypt(3) method but would also like to see the much stronger algorithms.
> There are other bug reports like DIRSTUDIO-738 that demand those crypt 
> variants for some specific applications, so it would benefit other 
> Apache projects as well.
> Java ports of most of the specific crypt variants are already existing, but 
> they would have to be cleaned up, properly tested and license checked:
> ftp://ftp.arlut.utexas.edu/pub/java_hashes/ 
> I would be willing to help here by cleaning the source code and writing unit 
> tests etc. but I'd like to generally know if you are interested and if 
> there's someone who can do a code review (it's security relevant after all 
> and I'm no crypto guy)
> bye,
> -christian-

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        
