News Category Lisp

Announcements and informational posts


New MD5 release 2.0.3

A new patch release 2.0.3 of the MD5 implementation for Common Lisp has been released, which includes support for md5sum-string for as yet unsupported Lisp implementations through flexi-streams. This enhancement was supplied by Daniel Kochmanski. The new release is available from its PMSF page, and its GitHub home.

Note that MD5 has been cryptographically broken, and should therefore not be used in situations where a cryptographically secure hash function is needed (you might want to consider using our implementation of SHA-3 in those situations instead). However due to its wide historical use and its remaining suitability in non-cryptographically secure settings, this implementation is still of some interest.

New MD5 release 2.0.2

A new patch release 2.0.2 of the MD5 implementation for Common Lisp has been released, which includes fixes supplied by Martin Simmons for release 7.0 of LispWorks. The new release is available from its PMSF page, and its GitHub home.

Note that MD5 has been cryptographically broken, and should therefore not be used in situations where a cryptographically secure hash function is needed (you might want to consider using our implementation of SHA-3 in those situations instead). However due to its wide historical use and its remaining suitability in non-cryptographically secure settings, this implementation is still of some interest.

New SHA-3 release 1.0.2

A new patch release 1.0.2 of the SHA-3 library has been released, which fixes an important bug in the generation of message digests, where multiple calls to sha3-update with partially filled buffers could lead to input data being lost and therefore incorrect and colliding message digests being generated.

All users of SHA-3 should upgrade to the new release to avoid this issue. Uses of the library that only called sha3-update once for each message digest, as well as all uses of the high-level entry points were not affected by this issue, but should still upgrade as a precaution.

Thanks to Orivej Desh for reporting this issue.

The release is available from its PMSF page, and its GitHub home.

New SHA-3 release 1.0.1

A new patch release 1.0.1 of the SHA-3 library has been released, which switches the implementation choice for 64bit versions of LispWorks to the 32bit implementation instead of the fixnum default implementation. No other changes are contained in this release.

The release is available from its PMSF page, and its GitHub home.

New MD5 release 2.0.1

A new patch release 2.0.1 of the MD5 implementation for Common Lisp has been released, which fixes a bug on 64-bit releases of LispWorks, that would lead to wrong digests being generated at all times. The new release is available from its PMSF page, and its GitHub home.

Note that MD5 has been cryptographically broken, and should therefore not be used in situations where a cryptographically secure hash function is needed (you might want to consider using our implementation of SHA-3 in those situations instead). However due to its wide historical use and its remaining suitability in non-cryptographically secure settings, this implementation is still of some interest.

SHA-3 Release 1.0.0

As atonement for the recent MD5 release, and since we seem to perversely enjoy bumming numeric Common Lisp code, we have put together an implementation of the newly announced SHA-3, i.e. the algorithm formerly known as Keccak.

The package should be portable across nearly1 all ANSI compliant CL implementations with specialized versions tuned for implementations that offer unboxed 64bit arithmetic, unboxed 32bit arithmetic and for implementations with efficient fixnum arithmetic (requiring fixnums that can represent (unsigned-byte 16)). Especially the 64 and 32bit implementations have been mostly optimized for SBCL and CMU CL. For those implementations, digests with a 1024 bit-rate (and 288 bit digest output) can be generated in between 30 (64bit SBCL) to around 100 (32bit CMU CL) cycles/byte on an i7-640M; whereas optimized C/assembler implementations reach around 12 to 50 cycles/byte on 64/32 bit Intel hardware. The reason for the discrepancy probably lies in missing peephole and dependency optimizations in the SBCL/CMU CL compiler backend, which we might look at in a future release.

The release is available from its PMSF page, and its GitHub home.

Many thanks go to the Keccak Team (Guido Bertoni, Joan Daemen, Michaƫl Peeters and Gilles Van Assche, cf. http://keccak.noekeon.org) for their algorithm and excellent documentation and reference implementations.

Enjoy.


  1. Currently there is no version of the code that would work for CL implementations that have the smallest allowable fixnum size, which only covers (signed-byte 16), not (unsigned-byte 16) as required by the 16bit version in the package. I'm not aware of such a CL implementation, and in any case this could be easily fixed, at the cost of some code clarity and/or performance.

Consolidated MD5 release 2.0.0

The MD5 implementation for Common Lisp implemented by Pierre R. Mai a decade ago has been floating around in various tweaked versions for some time now. We have now produced a new consolidated release (release 2.0.0) of this with proper packaging, all known fixes and tweaks and implementation optimizations. The new release is still available from its PMSF page, and its new GitHub home.

Many thanks go to Christophe Rhodes, Alexey Dejneka, Nathan Froyd, Andreas Fuchs, John Desoi, Dmitriy Ivanov, and Kevin M. Rosenberg who improved, tweaked and maintained versions of MD5 over the years.

Note that MD5 has been cryptographically broken, and should therefore not be used in situations where a cryptographically secure hash function is needed. However due to its wide historical use and its remaining suitability in non-cryptographically secure settings, this implementation is still of some interest.

Deflate 1.0.1 released

A new minor release of Deflate is available, which only contains two changes from 1.0.0:

  1. Due to popular demand, the Deflate system is now called "deflate" instead of "Deflate", thus allowing (require :deflate) or (asdf:oos 'asdf:load-op :deflate) to do the right thing. Note that this is an incompatible change from version 1.0.0, thus requiring changes to system definition or init files referencing "Deflate" to reference "deflate" or :deflate or #:deflate instead. Sorry for the inconvenience.

  2. A minor bug workaround for ECL, which also improves performance on ECL by a factor of 2 (although performance on ECL is still very much non-optimized, patches are always welcome). Note that you will need to use ECL from the current git repository, since only this version currently contains other fixes needed to let Deflate work correctly (thanks go to Juan Jose Garcia-Ripoll for the quick fixes)!