[Haskell-cafe] [WARN] Bug fix release of pureMD5 (Was: pureMD5)
Thomas M. DuBuisson
thomas.dubuisson at gmail.com
Fri Jun 13 00:47:44 EDT 2008
Cafe,
Daniel Larsson noticed a correctness issue with the pureMD5 package.
This issue would affect you if you built the value incrementally via the
'updateMD5' function (vs just using 'md5') and didn't provide 512 bit
long bytestrings (an MD5 block of operation).
As you can probably tell, I didn't invest enough into the
non-performance aspects of pureMD5. Faced with actual users ;-), I have
released version 0.2.0 which has the bug fix, a new API (type prevention
from re-finalizing a digest), and a reasonable set of quickchecks
(covering Show / Binary instances, known answer and incremented
hashing). Oh, also the module name has changed to place it inline with
'Crypto' package naming while not colliding.
Sorry if this causes anyone headaches.
Daniel,
Good catch, I hope this didn't consume much of your time. Thanks a
bunch!
TomMD
On Fri, 2008-06-13 at 04:14 +0200, Daniel Larsson wrote:
> Hi Thomas,
>
>
> I was fiddling around with your pureMD5 package, and encountered some
> problems with using the md5Update/md5Finalize sequence. I tried to
> calculate the md5 of some scattered data, but it kept returning the
> wrong values. It seems that each md5Update must supply an exact
> blockSize number of bits, since the mdLeftOver part isn't taken into
> account in subsequent calls to md5Update.
>
>
> I wrote a small patch, and a simple QuickCheck property, to support
> calculating md5 of scattered data, attached to this mail. Hopefully I
> didn't mess up something...
>
>
> --
> Daniel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
Url : http://www.haskell.org/pipermail/haskell-cafe/attachments/20080613/0daad4e2/attachment.bin
More information about the Haskell-Cafe
mailing list