[bind10-dev] Tsig class

Francis Dupont fdupont at isc.org
Fri Feb 26 21:29:53 UTC 2010


> Tsig algorithms currently defined are:  MD5, SHA1, SHA224, SHA256,
> SHA384, and SHA512.  These are all well-known and I can easily get
> source for them.  For now, I intend to just embed these inside the Tsig
> class and not make them more generic.  Even though Francis will
> complain, I'm starting with MD5 as I know that one best.  :)

=> even SHA1 should not be very different. My concern is not what you
expected: it is a very bad idea to embed the crypto code for a crypto
hash (in fact it is worse because it is an HMAC). The first two obvious
drawbacks are the speed (OpenSSL is at least 4 times faster than your
code) and making the use of a crypto module for *all crypto* impossible.

So please introduce a high-level API for the crypto ops you need.
BTW, usually the only choice is between one-step vs. incremental
for dealing (hashing here) with data.

Francis Dupont <fdupont at isc.org>
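
The high-level API asked for above, sketched as an added example that is not part of the original message or of BIND 10's code: one incremental context and one-step helpers built on it, with all hashing delegated to a crypto library. It assumes Python's standard `hmac`/`hashlib` modules as the backend; the names `HmacContext`, `hmac_sign` and `hmac_verify` and the sample key and message are hypothetical.

```python
import hashlib
import hmac

# Algorithms named in the thread, mapped to library constructors.
# No hash or HMAC logic is implemented here; the backend can be swapped
# in this one place (assumed backend: Python's hashlib).
_ALGORITHMS = {
    "MD5": hashlib.md5,
    "SHA1": hashlib.sha1,
    "SHA224": hashlib.sha224,
    "SHA256": hashlib.sha256,
    "SHA384": hashlib.sha384,
    "SHA512": hashlib.sha512,
}


class HmacContext:
    """Incremental interface: feed the message in pieces, then finalize."""

    def __init__(self, algorithm, key):
        try:
            digestmod = _ALGORITHMS[algorithm.upper()]
        except KeyError:
            raise ValueError(f"unsupported TSIG algorithm: {algorithm!r}") from None
        self._mac = hmac.new(key, digestmod=digestmod)

    def update(self, data):
        self._mac.update(data)
        return self  # allows chaining

    def final(self):
        return self._mac.digest()

    def verify(self, expected):
        # Constant-time comparison so a mismatch does not leak its position.
        return hmac.compare_digest(self._mac.digest(), expected)


def hmac_sign(algorithm, key, data):
    """One-step interface: whole message available at once."""
    return HmacContext(algorithm, key).update(data).final()


def hmac_verify(algorithm, key, data, expected):
    """One-step verification of a received MAC."""
    return HmacContext(algorithm, key).update(data).verify(expected)


if __name__ == "__main__":
    key = b"\x0b" * 20                    # constructed sample key
    one_step = hmac_sign("SHA256", key, b"Hi There")
    pieces = HmacContext("SHA256", key).update(b"Hi ").update(b"There").final()
    print(one_step.hex(), one_step == pieces)
```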
