From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail3-relais-sop.national.inria.fr (mail3-relais-sop.national.inria.fr [192.134.164.104]) by sympa.inria.fr (Postfix) with ESMTPS id C89E37EE25 for ; Tue, 19 Nov 2013 08:53:54 +0100 (CET) Received-SPF: None (mail3-smtp-sop.national.inria.fr: no sender authenticity information available from domain of david.mentre@gmail.com) identity=pra; client-ip=209.85.215.46; receiver=mail3-smtp-sop.national.inria.fr; envelope-from="david.mentre@gmail.com"; x-sender="david.mentre@gmail.com"; x-conformance=sidf_compatible Received-SPF: Pass (mail3-smtp-sop.national.inria.fr: domain of david.mentre@gmail.com designates 209.85.215.46 as permitted sender) identity=mailfrom; client-ip=209.85.215.46; receiver=mail3-smtp-sop.national.inria.fr; envelope-from="david.mentre@gmail.com"; x-sender="david.mentre@gmail.com"; x-conformance=sidf_compatible; x-record-type="v=spf1" Received-SPF: None (mail3-smtp-sop.national.inria.fr: no sender authenticity information available from domain of postmaster@mail-la0-f46.google.com) identity=helo; client-ip=209.85.215.46; receiver=mail3-smtp-sop.national.inria.fr; envelope-from="david.mentre@gmail.com"; x-sender="postmaster@mail-la0-f46.google.com"; x-conformance=sidf_compatible X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AigDAP8Xi1LRVdculGdsb2JhbABZhBKCNUG9WQgWDgEBAQEHCwsJEiqCJgEFIx0BOAEDDAEFBQsDDAImAgIfAxIBBQEcBhOHbwMPo3SMBINchF0nDYlKAQUMgR2RIIFGA45Wh1KBaJAhGCmBZIJwOw X-IPAS-Result: AigDAP8Xi1LRVdculGdsb2JhbABZhBKCNUG9WQgWDgEBAQEHCwsJEiqCJgEFIx0BOAEDDAEFBQsDDAImAgIfAxIBBQEcBhOHbwMPo3SMBINchF0nDYlKAQUMgR2RIIFGA45Wh1KBaJAhGCmBZIJwOw X-IronPort-AV: E=Sophos;i="4.93,727,1378850400"; d="scan'208";a="36377163" Received: from mail-la0-f46.google.com ([209.85.215.46]) by mail3-smtp-sop.national.inria.fr with ESMTP/TLS/RC4-SHA; 19 Nov 2013 08:53:54 +0100 Received: by mail-la0-f46.google.com with SMTP id eh20so5801857lab.33 for ; Mon, 18 Nov 2013 23:53:53 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc:content-type; bh=H6GUEuOg1IvOo7OSsYwJHiTGXYv869YFeK4DX0u+8MU=; b=Va9Tp9eMFaZ/OoRnH9keHyDyfpNcaqHoibsHCfnpOz3B/sdaWlbwSxGxV/GVTWDC/p U+NTzWDwnWI6+YqShlz+lxK+6K2OjAzOVNohVW6J/Ld2gHF7mJOw67bLBuRRirxk1Tp2 8APHEw3ewxGXHF7/EuKgi2uzSIETTJq1cvpGOzMaldwfnSO2bGmw5ra5+sKTyPGpF2s4 6OZ7bnmMDhsv5Sr7KeaMd7OUicvUmaFMjSkY6c3tEVD4NQQRKKxvfTH7l32g/t6aw4gY nGSSfKsVWAKwItB1Z0w4pmm1ukPUOx7EUsbnBkBf3PmLZTDSzrusQABTAJghygK1UMBP QTMQ== X-Received: by 10.152.120.102 with SMTP id lb6mr156356lab.37.1384847633200; Mon, 18 Nov 2013 23:53:53 -0800 (PST) MIME-Version: 1.0 Sender: david.mentre@gmail.com Received: by 10.112.51.9 with HTTP; Mon, 18 Nov 2013 23:53:23 -0800 (PST) In-Reply-To: <1384819720.4083.57.camel@zotac> References: <20131118204426.GA14731@annexia.org> <1384819720.4083.57.camel@zotac> From: David MENTRE Date: Tue, 19 Nov 2013 08:53:23 +0100 X-Google-Sender-Auth: xNyq6k80nK21wITWZXFfBK1LruQ Message-ID: To: Gerd Stolpmann Cc: "Richard W.M. Jones" , caml users Content-Type: text/plain; charset=UTF-8 Subject: Re: [Caml-list] Hardening [Perl's] hash function further Hello, 2013/11/19 Gerd Stolpmann : > This article is more or less discussing cryptoattacks on an insecure > hash function, and the new versions of the functions are only "better" > but in no way safe (which you only get with crypto hashes or > dictionaries that don't allow collisions). Which in turn raises the question: Who has the responsibility to implement such hashes that can be exposed to the Internet: OCaml standard library or dedicated frameworks like OCamlNet or Ocsigen? In other words, shouldn't we keep simple hashes in the OCaml standard library (for people making regular programs) and let people making web applications chose the proper crypto hash in a specialized library? Best regards, david