Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20131025160006.GL20515@brightrain.aerifal.cx>
Date: Fri, 25 Oct 2013 12:00:06 -0400
From: Rich Felker <dalias@...ifal.cx>
To: musl@...ts.openwall.com
Subject: Re: [Feature Request] SHA-1 HMAC

On Fri, Oct 25, 2013 at 09:36:12AM -0600, Kyle Sanderson wrote:
> Forgive my ignorance, but would it be possible to include SHA-1 HMAC into
> musl? I'm not really sure if there's a list of functionality that's
> prohibited from a libc; hopefully this is an acceptable request. I have a
> single HMAC key that I use to sign multiple hashes with. I'm using
> PolarSSL's implementation at the moment and I'd like to eliminate the
> requirement.

Hi. The conditions for something to go into libc are pretty stringent;
otherwise, it would be called libeverything. :-)

- Anything mandated by the current version of one of the relevant
  standards (ISO C or POSIX) goes in without question.

- Things with major historical precedent or presence in obsolete
  standards are pretty sure to get included unless there's a strong
  reason against inclusion.

- Modern BSD or GNU extensions that are widely used and not
  unreasonably costly to add generally get included.

It sounds like what you're asking for is the addition of a new
interface with no existing precedent, in which case, libc is really
not the appropriate place for it. However, I think you can implement
SHA-1 in just a few lines of code and include it with your project
rather than depending on large libraries. Busybox has a very light,
simple implementation you could copy; it's under GPLv2, but the code
is by Rob Landley and I imagine he would relicense it under BSD/MIT
for you if you need a less restrictive license. The original code it
was based on was public domain, so you could also just go back to
that. See libbb/hash_md5_sha.c in the Busybox source for details.

Rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.