David Madore <[EMAIL PROTECTED]> wrote:
> md5 has been broken for some time now; sha1 also has been, more
> recently (an actual collision is not known, so far, but a way to
> produce one in a "reasonable" amount of computer time has been
> provided).  Consequently, the md5sum and sha1sum utilities should be
> deprecated for most security-sensitive uses.
>
> sha256, sha384 and sha512 are the generally advocated replacements.
> They should be made available in coreutils (certainly there are other
> implementations available, but it is essential that they be at least
> as widely available as md5sum was, if they are to replace it).
>
> So, please implement sha256sum, sha384sum and sha512sum as part of
> coreutils, either in Debian or by forwarding upstream.  I can provide
> a patch for this if it is useful.

Thanks for the offer!
If you can also sign a copyright assignment and have the energy
to prepare a clean patch, I (upstream) am interested.

My requesting a `clean' patch means we're pretty picky, and that
the more of the following you can do, the better.
Here are some of the guidelines:

  - be sure your changes are relative to the latest code in CVS
    http://savannah.gnu.org/cvs/?group=coreutils
  - follow the GNU Coding Standards http://www.gnu.org/prep/standards/
    (e.g., with respect to indentation, coding style, ChangeLogs)
  - include documentation changes (diffs to doc/coreutils.texi)
  - add tests along the lines of those in tests/sha1sum/basic-1.
    Please add three new files in tests/misc/sha*, using at least
    the FIPS-supplied test cases.

If you're still interested, please send unified-style diffs (diff -u)
to the mailing list, [EMAIL PROTECTED]

By the way, your e.g., src/sha256sum.c file should look like this:

  #include "checksum.h"
  int algorithm = ALG_SHA256;

and lib/sha256.c should be very similar to lib/sha1.c up to this comment:

  /* --- Code below is the primary difference between md5.c and sha1.c --- */