[PATCH] MD2 for libgcrypt

Stephan Mueller smueller at chronox.de
Tue Jul 20 18:52:51 CEST 2010

On Tuesday 20 July 2010, at 17:15:15, Daniel Kahn Gillmor wrote:

Hi Daniel,

> On 07/20/2010 03:11 AM, Werner Koch wrote:
> > For one the legal state of the algorithm is not clear: It is likely that
> > it has been taken from the RFC which has a non-commercial clause.  In
> > this regard it is similar to arcfour.  The GNU project is very
> > cautious on these issues and thus we would need to clear the legal
> > state first (meaning long discussions with RSA Inc).  I don't think this
> > is justified.  And of course we need a copyright assignment and code
> > which is clearly not based on RFC 1319.
> Maybe the docs could indicate this somehow?  Currently the manual [0]
> only says:
>     This is a reserved identifier for MD-2; there is no implementation
> yet. This algorithm has severe weaknesses and should not be used.
> An additional concise note about the specific legal encumbrances you're
> worried about might save other implementors time in the future (and
> might lead to a resolution of those legal concerns).

Well, I would have done the implementation/port of MD2 anyway as it is 
relatively simple, because I need it for SMIME as I pointed out.

The only sad thing is that SMIME of gpgsm is not complete without MD2. I want 
people to use libgcrypt and gpgsm simply because libgcrypt is one of the 
cleanest and best written crypto libs I know of. And I know quite a number 
in depth (Werner can tell).

> > A counterpoint would be that the whole X.509 PKI business is entirely
> > broken and does not provide any security at all.
> agreed, sadly.

Yes, agreed from my side as well. But what can you do if customers force you 
to use it, even with MD2?

| Cui bono? |
