On Jun 01, 2008 at 15:06, Jan Janak <[EMAIL PROTECTED]> wrote: > Andrei, > > I came across this today (haven't tried): > > http://sourceforge.net/projects/slicing-by-8 > > Maybe we could use it in SER?
Yes, cool. It's only crc32 though (and in some places we use crc16). We could also probably reduce CRC usage in ser. I'm not sure we need it in so many places. I've also found some strange usage for avp cookies in rr. It's used in the same way one would use a signature: cookie = crc16( avp_cookies | crc_secret) | avp_cookies This is really strange, if it's used only to protect against random changes on the wire, then no need for crc_secret and most likely a simple faster checksum16 offers enough protection. If it's used as some cryptographic signature, then it has 0 value, a real hmac would need to be used (md5, sha* a.s.o). I think that given a few messages it would be possible not only to send some avp flags for which the cookie check will match (no need for more then 1 message for that), but even the secret can be found out. Another function that we should replace is the MD5. I think (not tested yet) that for example the openssl version is much faster (they have optimized version for various archs). OTOH I wouldn't want to make ser depend on openssl... As a compromise we could have a make option for linking libcrypto and if the option is set use it, else use the slow ser implementation. (I don't think we could easily take the code from openssl, I'm not sure even if the licence for libcrypto still has the advertising clause, like the rest of the openssl). Andrei _______________________________________________ Serdev mailing list [email protected] http://lists.iptel.org/mailman/listinfo/serdev
