1 |
On Mon, 25 Jun 2018 07:59:47 +0200 Hanno Böck wrote: |
2 |
> On Fri, 22 Jun 2018 21:50:50 -0500 |
3 |
> "Marty E. Plummer" <hanetzer@×××××××××.com> wrote: |
4 |
> |
5 |
> > So, as you may be aware I've been doing some work on moving bzip2 to |
6 |
> > an autotools based build. Recently I've ran into app-crypt/mhash, |
7 |
> > which is in a semi-abandoned state (talking with the maintainer on |
8 |
> > twitter atm), and I was thinking it may be a good idea to set up a |
9 |
> > project for keeping these semi-abandoned and really-abandoned |
10 |
> > libraries and projects up to date and such. |
11 |
> |
12 |
> This is a common problem, however if you want to make this reasonable |
13 |
> you wouldn't make it a gentoo thing, but a cross-distro effort. The |
14 |
> idea has been tossed around a lot, but noone yet started implementing |
15 |
> it. |
16 |
> |
17 |
> However keeping things alive may not always be the right option. |
18 |
> There's a reason mcrypt is abandoned. It's an ancient crypto library, |
19 |
> crypto is moving forward, there are better options. |
20 |
|
21 |
Do you have any evidence that mcrypt should not be used? |
22 |
|
23 |
Symmetric cryptography is quite conservative and it took years and |
24 |
even decades for algorithms and their implementations to become |
25 |
trusted, so there is nothing wrong in using good old verified |
26 |
software. |
27 |
|
28 |
Actually for local symmetric encryption this is the best tool I |
29 |
know. |
30 |
|
31 |
Best regards, |
32 |
Andrew Savchenko |