auto merge of #9744 : DaGenix/rust/remove-crypto, r=alexcrichton

Remove the Sha1, Sha2, MD5, and MD4 algorithms. SipHash is also cryptographically secure hash function and IsaacRng is a cryptographically secure RNG - I left those alone but removed comments that implied they were suitable for cryptographic use. I thought that MD4 was used for something by the compiler, but everything still seems to work with it removed, so, I guess not.

One thing that I'm not sure about - workcache.rs and workcache_support.rs (in librustpkg) both depend on Sha1. Without Sha1, the only hash function left is SipHash, so I switched that code over to use SipHash. The output size of SipHash is only 64-bits, however - much less than 160 for Sha1. I'm not sure this is a problem. Without other cryptographic hashes in the tree, I'm not sure what else to do. I considered moved Sha1 into librustpkg, but I don't know if that makes sense.

If merged, this closes #9300.

1 files changed, 7 insertions, 2 deletions

diff --git a/src/libstd/hash.rs b/src/libstd/hash.rs
index ed7fc9eb1d9..6f6e847f569 100644
--- a/src/libstd/hash.rs
+++ b/src/libstd/hash.rs
@@ -15,8 +15,13 @@
  *
  * Consider this as a main "general-purpose" hash for all hashtables: it
  * runs at good speed (competitive with spooky and city) and permits
- * cryptographically strong _keyed_ hashing. Key your hashtables from a
- * CPRNG like rand::rng.
+ * strong _keyed_ hashing. Key your hashtables from a strong RNG,
+ * such as rand::rng.
+ *
+ * Although the SipHash algorithm is considered to be cryptographically
+ * strong, this implementation has not been reviewed for such purposes.
+ * As such, all cryptographic uses of this implementation are strongly
+ * discouraged.
  */
 
 #[allow(missing_doc)];