tech-pkg: Re: muhah

Subject: Re: muhah
To: Alistair Crooks <agc@pkgsrc.org>
From: Trevor Johnson <trevor@jpj.net>
List: tech-pkg
Date: 03/22/2001 11:24:41
On Thu, 22 Mar 2001, Alistair Crooks wrote:

> On Wed, Mar 21, 2001 at 12:12:33PM -0500, Trevor Johnson wrote:
> > > Log Message:
> > > Add MD2, MD4, SHA1, and RMD160 support to cksum.  Adding new hashes to
> > > cksum(1) should now be easy.
> >
> > These are all available from OpenSSL (openssl --list-digest-commands).
>
> This is tech-pkg, and here we're talking about pkgsrc.

Sorry, I forgot.

> I already went over why I didn't want to use openssl to calculate
> message digests, but a management summary would be:

I only got the e-mail in which you said, "I considered using openssl, but
didn't want pkgsrc to be dependent on openssl being installed, and because
the output format isn't the same as md5(1)."  Is there another with more
detail?

> 1.  openssl is huge, and I don't want pkgsrc to be reliant upon a huge
> piece of software as a basic building block.  libtool not withstanding.

You're right, the copy that comes with NetBSD 1.5 for i386 (base.tgz) is
231292 bytes.  Still, pkgsrc itself is much larger than that.

> 2.  openssl produces output in a slightly different format from
> md5(1).  I really don't want to have to pre-process everything with
> sed or awk or expr.

Can't the existing md5 utility still handle the MD5 hashes which were
generated with it?  For the SHA-1 and RIPEMD-160 hashes, would you
consider making the output of your digest utility have the same format as
the output from OpenSSL?

> 3.  I want a message digest calculation utility that is small and
> quick, and something that either is present on all Operating Systems
> on which pkgsrc runs, or is buildable on those operating systems with
> minimum fuss. openssl does not really fit the bill here.

Well, pkgsrc is only available for NetBSD, whereas OpenSSL is available
for NetBSD, Solaris, OpenBSD, FreeBSD, Linux, and Windows (with how much
fuss I don't know, but it's in the base system for the BSD flavors).

As for performance, for me, OpenSSL is a little faster at calculating all
three hashes:

$ cat mozilla-source-0.8.tar.bz2>/dev/null;time digest sha1 mozilla-source-0.8.tar.bz2;cat mozilla-source-0.8.tar.bz2>/dev/null;time openssl dgst -sha1 mozilla-source-0.8.tar.bz2
SHA1 (mozilla-source-0.8.tar.bz2) = 6e62d9466c3aca13b6020aff532f9245e52a69ad

real    0m1.150s
user    0m0.882s
sys     0m0.266s
SHA1(mozilla-source-0.8.tar.bz2)= 6e62d9466c3aca13b6020aff532f9245e52a69ad

real    0m1.785s
user    0m1.541s
sys     0m0.242s
$ cat mozilla-source-0.8.tar.bz2>/dev/null;time digest rmd160 mozilla-source-0.8.tar.bz2;cat mozilla-source-0.8.tar.bz2>/dev/null;time openssl dgst -rmd160 mozilla-source-0.8.tar.bz2
RMD160 (mozilla-source-0.8.tar.bz2) = 42933b877546311a355893e70e8f9071ba63e275

real    0m2.940s
user    0m2.500s
sys     0m0.431s
RIPEMD160(mozilla-source-0.8.tar.bz2)= 42933b877546311a355893e70e8f9071ba63e275

real    0m1.904s
user    0m1.652s
sys     0m0.235s
$ cat mozilla-source-0.8.tar.bz2>/dev/null;time digest md5 mozilla-source-0.8.tar.bz2;cat mozilla-source-0.8.tar.bz2>/dev/null;time openssl dgst -md5 mozilla-source-0.8.tar.bz2
MD5 (mozilla-source-0.8.tar.bz2) = c2c5e6d1257b9da80ccb6b424974b1c3

real    0m1.682s
user    0m1.352s
sys     0m0.321s
MD5(mozilla-source-0.8.tar.bz2)= c2c5e6d1257b9da80ccb6b424974b1c3

real    0m0.964s
user    0m0.782s
sys     0m0.181s
-- 
Trevor Johnson
http://jpj.net/~trevor/gpgkey.txt