[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Freeipmi-devel] md2/md5 ...
|
From: |
Albert Chu |
|
Subject: |
Re: [Freeipmi-devel] md2/md5 ... |
|
Date: |
Mon, 22 Dec 2003 08:49:46 -0800 |
> I think it is not worth having dependency on another library just for
> MD2/5 algorithm.
Agreed. I think I initially thought md2/md5 was far more difficult to
code than it really is. I've already integrated md2/md5 into ipmipower.
The code is extremely ugly though.
Once we can get savannah back, my plan is to modify the
assemble_lan_packet to assemble the lan packet based on the
authentication type passed in.
i.e.
if authtype == NONE, build packet with no authcode buffer in session header
if authtype == passwd, build packet with password copied in
if authtype == md2, build packet with md2 checksum in authcode
if authtype == md5, build packet with md2 checksum in authcode
Otherwise the code gets ridiculously ugly.
Al
--
Albert Chu
address@hidden
Lawrence Livermore National Laboratory
----- Original Message -----
From: Anand Babu <address@hidden>
Date: Saturday, December 20, 2003 11:22 am
Subject: Re: [Freeipmi-devel] md2/md5 ...
> ,----[ Albert Chu <address@hidden> ]
> | Last night I decided to program md2 just for fun. I have a bit of
> | debugging to do, but for the most part it was very easy. Took
> around| an hour or so to get the core code done. I may have grossly
> | overestimated the difficulting of programming md2/md5. Perhaps we
> | should write our own implementations for freeipmi.
> `----
>
> I think it is not worth having dependency on another library just for
> MD2/5 algorithm. Doesn't matter if we copy and strip down a version
> into our source just for IPMI.
>
> Having lot of dependencies for system tools is a hassle for System
> Administrators, especially when they are in trouble-shooting
> mode. Most of the time, only when some thing breaks, network goes
> down, or in a panic situation, a system administrator's attention will
> be required. If has to meet package dependencies to bring up the
> system, ...
>
> -ab
>
>
> ----- Original Message -----
> From: Albert Chu <address@hidden>
> Date: Tuesday, December 16, 2003 4:02 pm
> Subject: [Freeipmi-devel] md2/md5 ...
>
> > Hey AB,
> >
> > I'd like to look at adding md2 and md5 authentication to ipmipower
> > semi-soon. What do you see as the best method for adding md2/md5
> > hashing algorithms to freeipmi ...
> >
> > A) Make a freeipmi rpm module dependency to some other common crypto
> > library, like openssl or nss.
> > B) Package some sub-library along with freeipmi ("libfoocrypto").
>
> > C) write our own md2/md5 hashing algorithms for freeipmi ...
> >
> > Pros
> >
> > A) Easiest, put development on other people
> >
> > B) Pretty darn easy, have to update as other developers update,
> not a
> > huge deal.
> >
> > C) no restrictions on licensing/anything ...
> >
> > Cons
> >
> > A) I haven't the slightest idea how popular/widespread packages like
> > openssl or nss are. Yeah they are reasonably popular, but I don't
> > really know.
> >
> > B) Some of the good crypto libraries seem to have funny licensing
> > issues. Like we'd have to package their entire library, not just
> > the md2/md5
> > algorithms.
> >
> > C) I think it'd be a good excercise to code these algorithms out,
> but> they're not exactly a walk in the park. I can't help but see
> porting> issues. Not to mention wasted effort, since there are
> tons of
> > implementations out there already.
> >
> > Al
> >
> > --
> > Albert Chu
> > address@hidden
> > Lawrence Livermore National Laboratory
> >
> >
> >
> > _______________________________________________
> > Freeipmi-devel mailing list
> > address@hidden
> > http://mail.nongnu.org/mailman/listinfo/freeipmi-devel
> >
>
>
>
> _______________________________________________
> Freeipmi-devel mailing list
> address@hidden
> http://mail.nongnu.org/mailman/listinfo/freeipmi-devel
>
>
> --
> _.|_
> (_||_)
> Free as in Freedom <www.gnu.org>
>