You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@apr.apache.org by Paul Querna <pa...@querna.org> on 2009/03/29 17:26:54 UTC
cleaning up apr_md5_encode
Hi,
Take a look at:
<https://svn.eu.apache.org/repos/asf/apr/apr/trunk/crypto/apr_md5.c>
The function apr_md5_encode specifically.
The function does:
1) compute the md5 of some random things, with the comment Time to
make the doughnuts..'.
2) compute the md5 of the salt+password
3) write md5 from #2 into buffer.
4) memset the md5 buffer 'Don't leave anything around in vm they could use.'
5) 'Then something really weird...'
6) start copying some strings...
7) a for loop of 1 to 1000, md5 inits and various operations on the
md5 context, with a comment ' On a 60 Mhz Pentium this takes 34 msec,'
Can we delete all of the crap in there, and just go with a straight up
function that does the md5 of the salt + password?
I dislike md5 as much as the next guy, but this does almost nothing
but make apr_md5_encode slower.
or is all this obfuscation worth it still?
Thanks,
Paul