"Levente Uzonyi"<leves at elte.hu> wrote:
> There was a plan to add the whole Cryptography package (split to three
> packages) to the Trunk. Some older versions are waiting in the Inbox (see 
> CryptoCore, CryptoCerts and CryptoExtras). IIRC this process is stalled 
> because the proper renaming of the packages didn't happen (Cryptography 
> instead of Crypto). If the renaming is done, then Squeak will have a 
> working MD5 implementation out of the box.
> 
> Another solution is to grab the MD5 implementation from WebClient (which 
> is probably the same as in Croquet, since it uses the CroquetPlugin if 
> available).
> 
> What do you think?

I'm not sure what exactly is available with Cryptography and WebClient, but I'd like to recommend an approach like the one we took in the Xtreams-Xtras package. The main idea is to have an abstract interface of a Hash that allows for pluggable implementations. I believe it is important because external implementations are becoming increasingly common, you can pretty much bet on a recent OS to have one built in. I believe it's important to allow users to leverage those for a number of reasons:

* they are a *lot* faster and it matters because hashes are used to process bulk data
* users may be required to use certified implementations, i.e. they may need to plug in their own
* all hash functions work the same way so you get multiple algorithms for free
* someone else keeps them up to date (new hash standard replacing SHA-2 is looming)

It is of course nice to have a native smalltalk implementation too for the cases where an external one is just not available (or is a hassle to use, etc). But that can be plugged in the same way as the others. To me the key aspect is enabling that. Xtreams-Xtras provide a Hash (and HMAC) that can be backed by libcrypto (OpenSSL) and bcrypt (Windows Vista and later). The interface is simple and reasonably complete, although I think it's missing cloning of a hash in progress (but I'm not sure how widely it is supported). What's definitely missing is a mechanism that will transparently pick the right one based on current circumstances. What's there simply goes for bcrypt if the platform is windows and goes for libcrypto otherwise (hardwired). It would be nice to have something that will allow a user to plug in his/her own and that will allow overriding any default choices in a controlled way. We had a bit of a discussion on that in vwnc few months ago (http://www.parcplace.net/list/vwnc-archive/1102/msg00087.html).

Anyway, my main point is that a hash implementation that is made part of the core product should satisfy the above criteria somehow.

That's my 2c. Cheers!

Martin