-
Thomas Haller authored
crypto_md5_hash() only has two users: (a) crypto_make_des_aes_key() (b) nm_utils_uuid_generate_from_string() For (b) it is just a complicated way to compute the MD5 hash. The restrictions on salt and password don't matter. Actually they are harmful because we cannot compute the MD5 hash of the empty word. For (a), the caller should make sure to pass whatever restrictions he wants to enforce on the data. For example, it is counterintuitive, that crypto_md5_hash() would require @salt_len, enforce it to be at least 8 bytes, and then just use the first 8 bytes. If the caller (a) wants that behavior, he should make sure that he passes in 8 bytes. Likewise for the empty word. If the caller does not want to compute the hash of empty passwords, he must not hash them. Indeed, all of this was enforced by assertions, any caller already did the right thing.
ef3de46c