[fpc-pascal] Re: HMAC_SHA1 and FPC

Reinier Olislagers reinierolislagers at gmail.com
Tue Apr 2 10:13:34 CEST 2013


On 2-4-2013 10:08, Mark Morgan Lloyd wrote:
> Reinier Olislagers wrote:
>> On 2-4-2013 5:13, Noah Silva wrote:
> Depends. If you're using (say) a hash function to store a token in lieu
> of a password then the important thing is that this behaves consistently
> across platforms and program versions. If an external library eliminated
> a potential security flaw (the most common case being when null text was
> processed) that might be significant in the case of key scheduling for
> data transfer over an insecure channel, but not for purely local storage.

Well, yes. But you can hardly limit use of the function to local storage
only.

> As usual, there's little substitute for the original programmer knowing
> what he's doing, and for him documenting what he's done so that
> maintainers know what sort of external event can cause an issue.

... and prove it works/interoperates by including a test set, as I think
Silvio has done.
