L'octidi 28 messidor, an CCXXIV, Jonathan Dowland a écrit : > FWIW, last time I wanted to do md5 in C, I copied the code into my own > project. I got it from the source to dpkg, which did the same thing. By doing that, you are depriving yourself of future bugfixes and improvements to that implementation. Well, MD5 is pretty much set in stone and can be completely tested, so it is not a serious concern, but I wanted to underline it for the record. More importantly, by doing that, you are depriving yourself of all optimizations that were introduced in more mature crypto libraries. Since MD5 is computationally intensive, this is a serious concern. If your project only does a few MD5 on small chunks of data while spending most of its time in other tasks, then it is certainly fine. Otherwise, this is a very bad idea. The difference is quite significant, sometimes more than 30% depending on the hardware. I have found that OpenSSL's implementation was the fastest amongst readily available crypto implementations (gcrypt, libtomcrypt, libavutil). Regards, -- Nicolas George
Attachment:
signature.asc
Description: Digital signature