Author: Jean-Luc Cooke <jlcooke@certainkey.com>
        CertainKey Inc., Ottawa Ontario Canada
http://www.certiankey.com/~jlcooke/

This is a very easy to use and adaptable hash (or message digest) algorithm
library.  Its intended use is for UNIX PAM, in a ploy to phase out MD5 as an
algorithm for password hashing.

This lib does not provide salting; it leaves that to the caller, since there are
much more interesting uses for hash algorithms.  :)

It is the opinion of the author that MD5 should no longer be used for UNIX shadow
files.  van Oorschot (of Entrust, and Handbook of Applied Cryptography fame)
in:
   http://citeseer.nj.nec.com/16659.html
   http://www.rsasecurity.com/rsalabs/faq/3-6-6.html
   http://www.stack.nl/~galactus/remailers/attack-3.html
and other papers explains that MD5 and other 128bit message digest algorithms
can be circumvented in practice.

Algorithm    Digest size    Effective Strength
MD5           128bit         64bit
SHA-1         160bit         80bit
SHA-256       256bit         128bit
SHA-512       512bit         256bit
RIPEMD-160    160bit         80bit
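
The halving in the table above is the birthday bound: a collision in an n-bit
digest is expected after roughly 2^(n/2) hashes, not 2^n.  The Python sketch
below is an added example, not part of this library; it truncates SHA-256 to
small digest sizes (function names and sample messages are constructed for
illustration) and counts the hashes needed before two messages collide.

```python
import hashlib


def truncated_digest(message: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-256(message); stands in for a `bits`-bit hash."""
    full = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return full >> (256 - bits)


def find_collision(bits: int, prefix: bytes = b"constructed-sample-"):
    """Hash distinct counter messages until two share a truncated digest.

    Returns (msg_a, msg_b, attempts), where attempts is the number of hashes
    computed.  Memory grows with attempts, so keep `bits` small.
    """
    seen = {}  # truncated digest -> first message that produced it
    attempts = 0
    while True:
        msg = prefix + str(attempts).encode()
        attempts += 1
        digest = truncated_digest(msg, bits)
        if digest in seen:
            return seen[digest], msg, attempts
        seen[digest] = msg


def birthday_table(sizes=(16, 24, 32)):
    """For each digest size: (bits, hashes until collision, 2^(bits/2))."""
    rows = []
    for bits in sizes:
        _, _, attempts = find_collision(bits)
        rows.append((bits, attempts, 2 ** (bits // 2)))
    return rows


if __name__ == "__main__":
    for bits, attempts, bound in birthday_table():
        print(f"{bits:2d}-bit digest: collision after {attempts:7d} hashes "
              f"(2^{bits // 2} = {bound}, 2^{bits} = {2 ** bits})")
```

The measured counts track the 2^(n/2) column rather than 2^n, which is why a
128bit digest is rated at 64bit in the table.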

Cryptographic applications of good repute no longer use MD5 for cryptographic
purposes because of its weakness.

Also, for applications requiring small code size, the Makefile can set a flag
that tells hashcom.h to set further flags, which put all the required algorithms
into small footprint and low performance mode.  The MD5 code does not do this
because the author does not want people to use MD5. :)

Compare code sizes (-O3 -s passed to gcc):
Algorithm    HASHCOM_SMALL set    HASHCOM_REASONABLE set   HASHCOM_LARGE set
MD5          4608                 4608                     4608
SHA-1        2280                 5408                     5408
SHA-256      2712                 5136                     18136
SHA-512      4804                 16280                    72656
RIPEMD160    2692                 7244                     7244

For ultimate small code sizes, remove the API I have put into each algorithm file by:
  HASHCOM_SMALL set && HASHCOM_BASIC_API unset && -s -O1 passed to gcc

It should also be noted that SHA-2 is quite slow because most of its primitive
operations are on 64bit values.  It is still several orders of magnitude faster
than public key algorithms like RSA/Elgamal, so it isn't an issue for system
performance unless you have 1,000,000 logins per minute (in which case you have
other problems to deal with).

Test programs are provided for each algorithm which will let you compare the
generated result and the expected result from standards.
  md5_test
  sha1_test
  sha256_test
  sha512_test
  ripemd160_test

An example program to show how to use the hasher_t pseudo-object (ANSI-C struct
with clever function pointers) is also available.
  hasher_test

Thanks to the following for incorporating this into UNIX PAM:
  Andrew Morgan <morgan@transmeta.com>, Transmeta Corp.

Open-Source: Share and enjoy

JLC
