-------------------------------------------------- From: "Andreas Raab" andreas.raab@gmx.de Sent: Thursday, September 02, 2010 4:59 PM To: "The general-purpose Squeak developers list" squeak-dev@lists.squeakfoundation.org Subject: [squeak-dev] Re: [Cryptography Team]Re:DigitalSignatureAlgorithm>>#initRandomNonInteractivelyisnot random
On 9/2/2010 1:43 PM, Chris Muller wrote:
Shouldn't we stay with the same naming convention, "Cryptography"?
Fine either way. Though the argument could be made that for compatibility it might be useful to leave the current "Cryptography" alone and have the new packages use slightly different naming conventions, such that:
Crypto + Certificates = Cryptography.
But like I said I'm good either way.
Me too. Since we will continue to store Certificates package in the Cryptography repository, I think it makes sense to rename to Certificates.
If RSA is in Cryptography-Core, shouldn't ElGamal and DiffieHellman belong in core as well?
Could do. I'm not the expert here, so I'll let others comment. My main dividing line is that the core should contain what is widely used and practical (i.e., performs well enough to be used in practice).
Currently in Core:
ARC4 MD5 DES/TripleDES Rijndael(AES) SHA1 SHA256 DSA/Generator/PublicKey/PrivateKey RSA/Generator/Key/PrivateKey ElGamal/Generator/PublicKey/PrivateKey DiffieHellman SecureRandom
(in Core-Utilities
Fortuna PrimesFinder primitive wrappers other stuff)
Currently in Extras:
ARC2 MD2 MD4
As a consequence, MD5, SHA1, SHA256 are all obvious choices since they're both widely used and perform well (with prims at least and we may require that),
We have prims, located in the Cryptography repository, for:
DES DSA MD5 SHA256
whereas for example MD2, MD4 (outdated) and DiffieHellman (WAY too slow) are not.
Andreas, I use DiffieHellman for key exchange in my system. It is considered slow? It is a one time use in a connection...
RSA, on the other hand, is somewhere in the middle - it performs reasonably well (we use it for key exchange in our products) but one could easily argue that it's not a common enough feature to be required in Core. Not sure on ElGamal.
How do you use RSA for key exchange?
But in any case, I think I'll leave this to the experts, which I think is you, Rob and Ron :-)
That's what I got, Rob
Cheers,
- Andreas
On Sat, Aug 28, 2010 at 6:30 AM, Rob Withersreefedjib@gmail.com wrote:
From: "Bert Freudenberg"bert@freudenbergs.de Sent: Saturday, August 28, 2010 7:13 AM To: "The general-purpose Squeak developers list" squeak-dev@lists.squeakfoundation.org Subject: Re: [Cryptography Team]Re:[squeak-dev]DigitalSignatureAlgorithm>>#initRandomNonInteractivelyisnot random
On 28.08.2010, at 12:59, Rob Withers wrote:
From: "Bert Freudenberg"bert@freudenbergs.de Sent: Saturday, August 28, 2010 6:42 AM To: "The general-purpose Squeak developers list" squeak-dev@lists.squeakfoundation.org Cc: "Squeak Crypto"cryptography@lists.squeakfoundation.org Subject: Re: [Cryptography Team] Re:[squeak-dev]DigitalSignatureAlgorithm>>#initRandomNonInteractivelyis not random
It's best to first publish to the inbox. You do not need special permissions for that. Once we're happy with the packages we move them over to trunk.
Done. The following packages are in the Inbox:
CryptoCore CryptoCoreTests CryptoExtras CryptoExtrasTests CryptoCerts CryptoCertsTests
All tests pass, although I have not tried to load just CryptoCore and CryptoCoreTests and run its tests.
Rob
Ah, should have commented on the package names - didn't think you're *that* fast ;)
I did the work last night.
The convention is to use hyphenation. As Andreas suggested, that would be "Crypto-Core", "Crypto-Core-Tests" etc.
The problem with that approach is the the Test package gets included with the core package. In the example of "Kernel" and "KernelTests" hyphenation is not used.
Rob