Skip to content

Reconsider distribution of cryptographic hash functions #9300

New issue
New issue
Closed
#9744
Closed
Reconsider distribution of cryptographic hash functions#9300
#9744
@brson

Description

@brson
brson
opened on Sep 18, 2013
Contributor

Per my own comment in #8989 we are shying away from rolling our own crypto. We already have SHA1, SHA2 and MD5 in libextra, but maybe we should not. If we want to completely eliminate these then SHA1 would need to move into librustc.

Activity

bluss

bluss commented on Sep 18, 2013

@bluss
bluss
on Sep 18, 2013
Member

For completeness, the two pieces in libstd's public API:

  • SipHash which is a cryptographic hash (albeit with different properties than for example SHA-2).
  • IsaacRng which is documented as suitable for cryptographic purposes.

These two are clearly useful.

DaGenix

DaGenix commented on Sep 22, 2013

@DaGenix
DaGenix
on Sep 22, 2013

So, I clearly disagree with the path that's been decided upon. If the goal of Rust is to create a safer language, I don't see why we'd want to avoid implementing security algorithms in that language and instead delegate them to more unsafe languages. However, since that is the decision, I don't think it makes any sense to implement a tiny subset of algorithms and ignore all the rest. I'll submit a patch to remove everything crypto related, but it might take me a few weeks to get together.

thestinger

thestinger commented on Sep 22, 2013

@thestinger
thestinger
on Sep 22, 2013
Contributor

@brson: I think we should move this stuff out to a rust-crypto incubator repository and explicitly mark it as experimental + not necessarily secure in the README. At some point we're going to want this kind of thing in pure Rust, even if that's far down the road from now.

DaGenix
mentioned this on Oct 6, 2013
bors
closed this as completedin 9293a41on Oct 28, 2013
Seldaek

Seldaek commented on Oct 29, 2013

@Seldaek
Seldaek
on Oct 29, 2013
Contributor

I for one think this is bad news. I hope this hypothetical rust-crypto at least makes it back into a rust-core-blessed repo somewhere. I wouldn't want such an important piece of code to be controlled by some random guy. This may save some rust-core maintenance hassle (although these algos are pretty much written in stone so I'm not sure what the burden really is once the language stabilizes) but it makes everyone less secure.

zooko

zooko commented on Oct 31, 2013

@zooko
zooko
on Oct 31, 2013
Contributor

I, too, would like to see crypto algorithms implemented in pure Rust. I suppose it is up to someone to create a repo and put some source code there and ask for review. ☺

alexcrichton

alexcrichton commented on Oct 31, 2013

@alexcrichton
alexcrichton
on Oct 31, 2013
Member

@DaGenix has done a lot of excellent work in this area and you can find it all at https://github.com/DaGenix/rust-crypto. The fate of libextra is still to be decided, but when we dissolve it into smaller packages, there may be a place for code like this, so hope isn't completely lost just yet!

e-oz

e-oz commented on Nov 15, 2015

@e-oz
e-oz
on Nov 15, 2015

Sorry for bumping old thread, but I absolutely agree with @DaGenix. I realize rust-crypto is his work, but in security questions 100% trust can exist only to "builtin" functions.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

      Development

      Participants

      @alexcrichton@brson@Seldaek@zooko@e-oz

      Issue actions
        Reconsider distribution of cryptographic hash functions · Issue #9300 · rust-lang/rust