Closed soverysour closed 1 week ago
SHA1 is not only "deprecated", but insecure.
As mentioned in #1137, I would prefer not to add insecure features to library(crypto).
Do you maybe need a library(websockets)?
Yeah I understand, it felt a bit out of place to add this to library(crypto), though probably something like library(hashing) could hold it. Yep, I was getting around to implementing something like a websockets module.
A library for handling websockets would be an awesome contribution, thank you a lot for considering this!
Maybe there is an existing Rust crate that can perform much of the needed functionality so that it is not necessary to implement this manually?
Yeah, I suppose that's a more efficient / straightforward option. Is that the recommended approach for adding such functionality to scryer? (i.e. offloading the internals to the system_calls.rs)
I suppose I could try that instead, though I'll need to familiarize myself better with how WAM works.
In case this is the recommended approach, I think you can also consider #2427 as closed, since it was related to this and it'll probably not be needed. You could also close this PR and I'll open a separate one once everything's ready.
Thanks!
Scryer benefits a lot from existing Rust crates especially related to networking and cryptography, the existing HTTP libraries implemented by @aarroyoc are a good example of this.
The current approach is indeed to add such functionality to system_calls.rs, with a few ideas for potential improvements discussed in https://github.com/mthom/scryer-prolog/discussions/2339.
If you are reconsidering a PR you filed, please consider closing it or marking it as a draft for the time being until it becomes clear how to best proceed. Thank you a lot for working on this!
Thanks for clarifying! Will close them in the meantime.
Adds SHA1 to crypto.pl and a macOS-specific file to .gitignore.
I know that SHA1 is deprecated (it also says so in the definition from ring), however, it's still useful to have this here for non-security purposes, e.g. its use in websockets. I also figured I'd suffix it with _deprecated to make it obvious it shouldn't be typically used.