Jan Dvořák mordae at
Sat Sep 16 02:44:46 PDT 2006


> The mail thread, about cryptodev, starts here:
They have refused it for it's "crappyness" and bad API design. As
usualy, they are probably true (they are kernel guys after all).

> Currently md5sum (from coreutils), passwd (from shadow), util-linux,
Why don't build OpenSSL sooner and make them use it instead?

> openssh,
It uses OpenSSL:
	#if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT)
	#include <openssl/md5.h>

> and many others, each build in their own md5 library. If there were a 
> vulnerability in md5 tommorrow we would have to investigate every installed 
> package to check which are affected.

> Using a kernel module for all md5 hashes 
> means only one module would need to be upgraded. This performs better, makes 
> things easier to upgrade, and uses less storage space.
As well as shared library.


More information about the hlfs-dev mailing list