[bind10-dev] Tsig class
Francis Dupont
fdupont at isc.org
Fri Feb 26 21:29:53 UTC 2010
> Tsig algorithms currently defined are: MD5, SHA1, SHA224, SHA256,
> SHA384, and SHA512. These are all well-known and I can easily get
> source for them. For now, I intend to just embed these inside the Tsig
> class and not make them more generic. Even though Francis will
> complain, I'm starting with MD5 as I know that one best. :)
=> even SHA1 should not be very different my concern is not what you
expected: it is a very bad idea to embed the crypto code for a crypto
hash (in fact it is worse because it is a HMAC). The first two obvious
drawbacks are the speed (OpenSSL is at least 4 times faster than your
code) and to make the use of a crypto module for *all crypto* impossible.
So please introduce a high level API for the crypto ops you need,
BTW usually the only choice is between an one step vs incremental
for dealing (hashing here) with data.
Francis Dupont <fdupont at isc.org>
More information about the bind10-dev
mailing list