Monday, February 12, 2007

New MaraDNS snapshots; Marahash 1.1 released

I have released two new MaraDNS snapshots today; a new snap for both the stable and development branches of MaraDNS. The development snapshot of MaraDNS has the most significant improvements: I have updated the CSV2 parser to allow TXT records with multiple fields to be in the more BIND-compatible 'field 1' 'field 2' format in addition to the 'field 1';'field 2' format MaraDNS 1.2 zone files use. This only works if the ~ is used to separate records, and will make finishing up the BIND zone file to csv2 zone file conversion script easier.

In the stable snapshot, I have added the patch file that fixes the bug where a host name cannot be a '.' by itself (the root DNS node). I will include this patch with the next stable release of MaraDNS, but will not apply this patch until I am sure this bugfix doesn't introduce any new bugs. I do not want to repeat the mistake I made with the 1.0.33/1.1.50 releases of MaraDNS, where a bug fix resulted in other bugs being created.

The workaround in MaraDNS 1.2 is to use a '%' in a zone file for the root node (csv2["."]) to get a DNS root node.

In both snapshots, the manpage reference PDF file has been updated. I finally got ghostscript 8.54 working on my system. Compiling and installing from the ghostscript 8.54 source was not enough; I also had to copy all of the fonts ghostscript wants from /usr/share/fonts/default/Type1/ and /usr/share/fonts/default/ghostscript/ into the directory /usr/local/share/ghostscript/8.54/lib.

For a few years now, there has been a program hidden in tools/misc called Marahash. This is a program that uses the MaraDNS random number generator (an AES variant, as it turns out) as a compression function to make a 128-bit cryptographic hash. I recently discovered that the 1.2 security updates to MaraDNS' random number generator made the hash too slow to be usable. Since this hash is something useful to have, I have taken the Marahash code, replaced the MaraRNG with the older pre-1.2 MaraRNG core (the security improvements are not needed when using this core as a hash compression function), and made some usability improvements.

This resulted in Marahash. I then made some usability improvements to Marahash. Instead of being able to hash just a single file, Marahash now takes a list of files and directories as command line arguments. If a given command line argument is a directory, Marahash will recursively find all files in the directory and all sub-directories, and output their hashes. The output format for Marahash is now the hash followed by the filename. One can make a hash of all files in the current directory and all subdirectories with this command:

marahash . > MARASUMS

This is useful for making a file that can be used to verify file integrity on burned CDs and DVDs.
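One way to do that check, as an added example that is not part of the original post or of Marahash: compare the saved MARASUMS with a fresh marahash run over the disc and report changed, missing and extra files. The line format (hash, whitespace, filename), the hex digests, the "./MARASUMS" path form and the sample manifests are assumptions constructed for illustration.

```python
# Added example: compare two Marahash manifests, e.g. the MARASUMS made from
# the original tree and a fresh run over the burned copy.
# Assumed line format (not confirmed by the post): "<hash> <filename>",
# split at the first run of whitespace, so filenames may contain spaces.

def parse_manifest(text):
    """Return {filename: hash}; blank lines are skipped."""
    entries = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"line {lineno}: expected '<hash> <filename>'")
        digest, name = parts
        entries[name] = digest.lower()
    return entries


def compare_manifests(original, fresh, ignore=("./MARASUMS", "MARASUMS")):
    """Classify files as changed, missing from the copy, or extra on it.

    `marahash . > MARASUMS` makes the shell create MARASUMS before the walk
    starts, so the manifest lists itself, hashed while still being written.
    That entry can never match and is ignored (path form is an assumption).
    """
    old, new = parse_manifest(original), parse_manifest(fresh)
    for name in ignore:
        old.pop(name, None)
        new.pop(name, None)
    return {
        "changed": sorted(n for n in old.keys() & new.keys() if old[n] != new[n]),
        "missing": sorted(old.keys() - new.keys()),
        "extra": sorted(new.keys() - old.keys()),
    }


# Constructed sample manifests (hash values are made up, 128 bits as hex).
ORIGINAL = (
    "00000000000000000000000000000000 ./MARASUMS\n"
    "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa ./doc/read me.txt\n"
    "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb ./bin/tool\n"
    "cccccccccccccccccccccccccccccccc ./notes.txt\n"
)
FRESH = (
    "ffffffffffffffffffffffffffffffff ./MARASUMS\n"
    "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa ./doc/read me.txt\n"
    "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb0 ./bin/tool\n"
    "dddddddddddddddddddddddddddddddd ./extra.bin\n"
)

if __name__ == "__main__":
    print(compare_manifests(ORIGINAL, FRESH))
```

Writing the manifest outside the tree being hashed avoids the self-referencing entry altogether.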

Marahash is not the fastest hash: it is about six times slower than SHA-1 and 10 times slower than MD5. It also has a digest size of only 128 bits. Despite these limitations, it is still a useful hash to have around.

I have both Linux/Unix source code and Windows binaries for Marahash available here:

marahash-1.1.tar.bz2 Sig (Linux/Unix source) Sig (Windows 32bit binary)