[GHC] #7634: MD5 collision could lead to SafeHaskell violation
GHC
ghc-devs at haskell.org
Tue Feb 24 14:41:21 UTC 2015
-------------------------------------+-------------------------------------
Reporter: shachaf | Owner: ekmett
Type: bug | Status: new
Priority: normal | Milestone: ⊥
Component: Core Libraries | Version: 7.6.1
Resolution: | Keywords:
Operating System: Unknown/Multiple | Architecture: Unknown/Multiple
Type of failure: Other |
Blocked By: | Test Case:
Related Tickets: | Blocking:
| Differential Revisions:
-------------------------------------+-------------------------------------
Comment (by bananu7):
A quick investigation shows that there are two parts of the problem:
* `Fingerprint` is made of two `Word64`s; would need to change to four,
  and all the functions that manipulate it to take four parts into
  account; that's an easy part
* MD5 implementation used internally for hashing is written in C. I
  suppose the SHA-256 implementation that's necessary for the patch
  ''could'' be taken from `cryptohash` library, which seems pretty mature
  already. It would need to be integrated as a C source similarly to MD5;
  it's probably not feasible to drag the whole library as a GHC dependency;
  maybe I'm wrong here.
Then the functions that have to be altered are `fingerprintData` and
`fingerprintString`, the latter needing just to take the larger size of
the fingerprint into account, and the former actually being changed to
use the SHA-256 context and hashing function.
--
Ticket URL: <http://ghc.haskell.org/trac/ghc/ticket/7634#comment:8>
GHC <http://www.haskell.org/ghc/>
The Glasgow Haskell Compiler
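
The change described in the comment above, sketched as an added example (it is not GHC's code and not part of the original message): a four-`Word64` fingerprint filled from a SHA-256 digest. The names `Fingerprint256`, `fromDigest`, `fingerprintData256` and `fingerprintString256` are hypothetical, `SHA256.hash` is assumed to come from the `cryptohash-sha256` package rather than bundled C sources, and the four-bytes-per-`Char` string encoding is an assumption of this sketch.

```haskell
-- Added sketch, not GHC source. Fingerprint256 and the *256 functions are
-- hypothetical names; SHA256.hash is from the cryptohash-sha256 package.
module Fingerprint256
  ( Fingerprint256(..), fingerprintData256, fingerprintString256 ) where

import qualified Crypto.Hash.SHA256 as SHA256
import qualified Data.ByteString as B
import Data.Bits (shiftL, shiftR, (.|.))
import Data.Char (ord)
import Data.Word (Word8, Word64)
import Foreign.Ptr (Ptr, castPtr)

-- Four 64-bit words hold the whole 256-bit digest; two words are only
-- enough for a 128-bit MD5 output.
data Fingerprint256 = Fingerprint256 !Word64 !Word64 !Word64 !Word64
  deriving (Eq, Ord, Show)

-- Split a 32-byte digest into four big-endian Word64s. Anything that is
-- not exactly 32 bytes is rejected instead of being silently truncated,
-- so a 256-bit hash can never be cut back down to 128 bits by accident.
fromDigest :: B.ByteString -> Fingerprint256
fromDigest d
  | B.length d /= 32 = error "fromDigest: expected a 32-byte SHA-256 digest"
  | otherwise        = Fingerprint256 (word 0) (word 8) (word 16) (word 24)
  where
    word off   = B.foldl' step 0 (B.take 8 (B.drop off d))
    step acc b = (acc `shiftL` 8) .|. fromIntegral b

-- Same argument shape as fingerprintData: hash len bytes starting at buf.
fingerprintData256 :: Ptr Word8 -> Int -> IO Fingerprint256
fingerprintData256 buf len = do
  bytes <- B.packCStringLen (castPtr buf, len)  -- copies the buffer
  return (fromDigest (SHA256.hash bytes))

-- Encoding assumed for this sketch: each Char as four big-endian bytes,
-- so code points above 255 are hashed in full rather than truncated.
fingerprintString256 :: String -> Fingerprint256
fingerprintString256 = fromDigest . SHA256.hash . B.pack . concatMap charBytes
  where
    charBytes c = [fromIntegral (ord c `shiftR` s) | s <- [24, 16, 8, 0]]
```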