Gentoo Archives: gentoo-dev

From: Andrew Savchenko <bircoph@g.o>
To: gentoo-dev@l.g.o
Subject: mcrypt status (Re: [gentoo-dev] Idea for a new project: gentoo-libs)
Date: Sat, 04 Aug 2018 08:43:39
In Reply to: Re: [gentoo-dev] Idea for a new project: gentoo-libs by "Hanno Böck"
1 On Mon, 25 Jun 2018 07:59:47 +0200 Hanno Böck wrote:
2 > On Fri, 22 Jun 2018 21:50:50 -0500
3 > "Marty E. Plummer" <hanetzer@×××××××××.com> wrote:
4 >
5 > > So, as you may be aware I've been doing some work on moving bzip2 to
6 > > an autotools based build. Recently I've ran into app-crypt/mhash,
7 > > which is in a semi-abandoned state (talking with the maintainer on
8 > > twitter atm), and I was thinking it may be a good idea to set up a
9 > > project for keeping these semi-abandoned and really-abandoned
10 > > libraries and projects up to date and such.
11 >
12 > This is a common problem, however if you want to make this reasonable
13 > you wouldn't make it a gentoo thing, but a cross-distro effort. The
14 > idea has been tossed around a lot, but noone yet started implementing
15 > it.
16 >
17 > However keeping things alive may not always be the right option.
18 > There's a reason mcrypt is abandoned. It's an ancient crypto library,
19 > crypto is moving forward, there are better options.
21 Do you have any evidence that mcrypt should not be used?
23 Symmetric cryptography is quite conservative and it took years and
24 even decades for algorithms and their implementations to become
25 trusted, so there is nothing wrong in using good old verified
26 software.
28 Actually for local symmetric encryption this is the best tool I
29 know.
31 Best regards,
32 Andrew Savchenko


Subject Author
[gentoo-dev] Re: mcrypt status Martin Vaeth <martin@×××××.de>
Re: mcrypt status (Re: [gentoo-dev] Idea for a new project: gentoo-libs) "Hanno Böck" <hanno@g.o>
Re: mcrypt status (Re: [gentoo-dev] Idea for a new project: gentoo-libs) "Marty E. Plummer" <hanetzer@×××××××××.com>