You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@apr.apache.org by Paul Querna <pa...@querna.org> on 2009/03/29 17:26:54 UTC

cleaning up apr_md5_encode

Hi,

Take a look at:
<https://svn.eu.apache.org/repos/asf/apr/apr/trunk/crypto/apr_md5.c>

The function apr_md5_encode specifically.

The function does:
  1) compute the md5 of some random things, with the comment Time to
make the doughnuts..'.
  2) compute the md5 of the salt+password
  3) write md5 from #2 into buffer.
  4) memset the md5 buffer 'Don't leave anything around in vm they could use.'
  5) 'Then something really weird...'
  6) start copying some strings...
  7) a for loop of 1 to 1000, md5 inits and various operations on the
md5 context, with a comment ' On a 60 Mhz Pentium this takes 34 msec,'


Can we delete all of the crap in there, and just go with a straight up
function that does the md5 of the salt + password?

I dislike md5 as much as the next guy, but this does almost nothing
but make apr_md5_encode slower.

or is all this obfuscation worth it still?

Thanks,

Paul