mthom / scryer-prolog

A modern Prolog implementation written mostly in Rust.
BSD 3-Clause "New" or "Revised" License

Adds SHA1 to crypto.pl and a macOS specific file to .gitignore #2426

Closed soverysour closed 1 week ago

soverysour commented 1 week ago

Adds SHA1 to crypto.pl and a macOS specific file to .gitignore.

I know that SHA1 is deprecated (it also says so in the definition from ring); however, it's still useful to have this here for non-security purposes, e.g. its use in websockets. I also figured I'd suffix it with _deprecated to make it obvious it shouldn't be typically used.

triska commented 1 week ago

SHA1 is not only "deprecated", but insecure.

As mentioned in #1137, I would prefer not to add insecure features to library(crypto).

Do you maybe need a library(websockets)?

soverysour commented 1 week ago

Yeah, I understand, it felt a bit out of place to add this to library(crypto), though probably something like library(hashing) could hold it. Yep, I was getting around to implementing something like a websockets module.

triska commented 1 week ago

A library for handling websockets would be an awesome contribution, thank you a lot for considering this!

Maybe there is an existing Rust crate that can perform much of the needed functionality so that it is not necessary to implement this manually?

soverysour commented 1 week ago

Yeah, I suppose that's a more efficient / straightforward option. Is that the recommended approach for adding such functionality to Scryer (i.e. offloading the internals to system_calls.rs)? I suppose I could try that instead, though I'll need to familiarize myself better with how WAM works. In case this is the recommended approach, I think you can also consider #2427 as closed, since it was related to this and it'll probably not be needed. You could also close this PR and I'll open a separate one once everything's ready. Thanks!

triska commented 1 week ago

Scryer benefits a lot from existing Rust crates especially related to networking and cryptography, the existing HTTP libraries implemented by @aarroyoc are a good example of this.

The current approach is indeed to add such functionality to system_calls.rs, with a few ideas for potential improvements discussed in https://github.com/mthom/scryer-prolog/discussions/2339.

If you are reconsidering a PR you filed, please consider closing it or marking it as a draft for the time being until it becomes clear how to best proceed. Thank you a lot for working on this!

soverysour commented 1 week ago

Thanks for clarifying! Will close them in the meantime.