> From Andrew Brown
> >From ????
> >And since the support for these hashes hasn't been in md5/cksum(1) for a
> >week, changing it shouldn't be too big a deal.
>
> that's also true.  someone has already suggested that md2 and md4
> simply be removed since they're "broken".

I just finished fixing up a package for OpenSSL 0.9.6 and found that we
already don't support md4 (in the 0.9.5a package, anyway).  I was building
ap-ssl (the SSL implementation for Apache) which relied on md4 as a digest
option and it failed on that, and a couple of other .h files. I had to add
the md4 file support back into the 'file list' in the install target in
order to get through the ap-ssl package installation.  I've sent in the PR
for this and updated the openssl.pck.tar.gz file on
ftp://ftp.neonramp.com/pub/ to reflect these files.

I don't intend to claim to be an expert on the software, but it's working
and seems to do everything it's supposed to.  A brief test showed it to be
operating correctly for SSL pages on the server.

>
> --
> |-----< "CODE WARRIOR" >-----|
> codewarrior@daemon.org             * "ah!  i see you have the internet
> twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
> andrew@crossbar.com       * "information is power -- share the wealth."
>