Subject: Re: muhah
To: Alistair Crooks <email@example.com>
From: Trevor Johnson <firstname.lastname@example.org>
Date: 03/22/2001 11:24:41
On Thu, 22 Mar 2001, Alistair Crooks wrote:
> On Wed, Mar 21, 2001 at 12:12:33PM -0500, Trevor Johnson wrote:
> > > Log Message:
> > > Add MD2, MD4, SHA1, and RMD160 support to cksum. Adding new hashes to
> > > cksum(1) should now be easy.
> > These are all available from OpenSSL (openssl --list-digest-commands).
> This is tech-pkg, and here we're talking about pkgsrc.
Sorry, I forgot.
> I already went over why I didn't want to use openssl to calculate
> message digests, but a management summary would be:
I only got the e-mail in which you said, "I considered using openssl, but
didn't want pkgsrc to be dependent on openssl being installed, and because
the output format isn't the same as md5(1)." Is there another with more
> 1. openssl is huge, and I don't want pkgsrc to be reliant upon a huge
> piece of software as a basic building block. libtool not withstanding.
You're right, the copy that comes with NetBSD 1.5 for i386 (base.tgz) is
231292 bytes. Still, pkgsrc itself is much larger than that.
> 2. openssl produces output in a slightly different format from
> md5(1). I really don't want to have to pre-process everything with
> sed or awk or expr.
Can't the existing md5 utility still handle the MD5 hashes which were
generated with it? For the SHA-1 and RIPEMD-160 hashes, would you
consider making the output of your digest utility have the same format as
the output from OpenSSL?
> 3. I want a message digest calculation utility that is small and
> quick, and something that either is present on all Operating Systems
> on which pkgsrc runs, or is buildable on those operating systems with
> minimum fuss. openssl does not really fit the bill here.
Well, pkgsrc is only available for NetBSD, whereas OpenSSL is available
for NetBSD, Solaris, OpenBSD, FreeBSD, Linux, and Windows (with how much
fuss I don't know, but it's in the base system for the BSD flavors).
As for performance, for me, OpenSSL is a little faster at calculating all
$ cat mozilla-source-0.8.tar.bz2>/dev/null;time digest sha1 mozilla-source-0.8.tar.bz2;cat mozilla-source-0.8.tar.bz2>/dev/null;time openssl dgst -sha1 mozilla-source-0.8.tar.bz2
SHA1 (mozilla-source-0.8.tar.bz2) = 6e62d9466c3aca13b6020aff532f9245e52a69ad
$ cat mozilla-source-0.8.tar.bz2>/dev/null;time digest rmd160 mozilla-source-0.8.tar.bz2;cat mozilla-source-0.8.tar.bz2>/dev/null;time openssl dgst -rmd160 mozilla-source-0.8.tar.bz2
RMD160 (mozilla-source-0.8.tar.bz2) = 42933b877546311a355893e70e8f9071ba63e275
$ cat mozilla-source-0.8.tar.bz2>/dev/null;time digest md5 mozilla-source-0.8.tar.bz2;cat mozilla-source-0.8.tar.bz2>/dev/null;time openssl dgst -md5 mozilla-source-0.8.tar.bz2
MD5 (mozilla-source-0.8.tar.bz2) = c2c5e6d1257b9da80ccb6b424974b1c3