Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 26 Oct 2013 18:30:19 -0600
From: Kyle Sanderson <>
Subject: Re: [Feature Request] SHA-1 HMAC

Thanks for the replies! The reason why I thought it would be cool to have
SHA1-HMAC included was I had thought SHA1 was included (in the crypt/
folder). However, now that I look at it again, it's actually SHA2, which
makes the whole request bad :( I'll try my hand at porting the code from

Thanks for the kind responses!

On Sat, Oct 26, 2013 at 12:38 PM, Rich Felker <> wrote:

> On Sat, Oct 26, 2013 at 02:28:48PM +0200, Szabolcs Nagy wrote:
> > * Daniel Cegie?ka <> [2013-10-25 21:23:03
> +0200]:
> > >  Adding HMAC to musl doesn't make sense. This is only one C file, so
> > > why you just don't want to keep this in the sources of your software?
> >
> > including a source file is not optimal
> I think whether this is the case depends a lot on what you're doing.
> One question I always recommend asking is which will be larger and
> more work to maintain: the copied code, or the library glue? For use
> of a single hash function from a crypto lib with a complex API, just
> the glue code to setup and call the crypto lib is probably as large as
> the hash code. Then you have to consider also the build system. At
> this point we haven't even started considering the potential space for
> bugs, issues if someone uses a different implementation of the
> original crypto lib as a drop-in replacement for it (common with
> openssl), etc.
> So I think in this specific case, including the source file may
> actually be the optimal solution.
> Rich

Content of type "text/html" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.