Using different hash algorithm in purple_util_get_image_checksum()

Paul Aurich paul at
Wed Jul 1 01:18:14 EDT 2009

And Ethan Blanton spoke on 06/30/2009 07:56 PM, saying:

> We don't necessarily need a SHA-sized hash, but we need more than
> Adler32.  I suggest, however, that there's not much in between that
> will have *practical* implementations which are faster than SHA.  (SHA
> implementations in crypto libraries are heavily optimized, as are many
> Adler32 implementations.  I am unaware of, for example, a 64-bit
> checksum or hashing function with similar widespread optimization.)
> It's possible that AES-128 would demonstrate benefit, or even DES with
> a 56-bit key; you might want to benchmark.

I believe we currently don't leverage the SSL libraries for hash functions,
which might be worth exploring. Or we might find out they're not
significantly faster than the current implementation.

> (In reality, I submit that we *do* need a cryptographically secure hash
>  function.


+1 to the whole part I cut out.

>  The saving grace here is ... nobody cares that much about buddy
>  icons.  Particularly now that Hulu is around.)

As this isn't an area where security is particularly important, we could
also use MD5, which is (for the moment still, I believe) resistant to
preimage attacks and faster than SHA1. : )

> Ethan


More information about the Devel mailing list