[Cryptography Team] package structure

Ron Teitelbaum Ron at USMedRec.com
Mon Feb 13 22:49:42 CET 2006 

Chris,

The reason for the separate packages is to make it easier for people to find
and load what they need.  If I only need a cipher then I shouldn't have to
load all the packages.  

If I understand correctly SecureRandom relies on external packages, so
either the external packages become part of base, or SecureRandom needs to
come out of base, and should have SHA1 and SHA256 as a prerequisite.  (I'm
not sure how to define prerequisites in MC maybe Cees or someone can help
there).

I would vote for pulling SecureRandom out of base.    I believe there are
benefits to having multiple packages. I wouldn't want to see that removed,
if anything having separate packages, having to stop and decipher what the
package names mean, as a first place to start understanding cryptography is
useful in itself. What does everyone else think?

Ron Teitelbaum

> -----Original Message-----
> From: cryptography-bounces at lists.squeakfoundation.org
> [mailto:cryptography-bounces at lists.squeakfoundation.org] On Behalf Of
> Chris Muller
> Sent: Monday, February 13, 2006 4:10 PM
> To: cryptography at lists.squeakfoundation.org
> Subject: [Cryptography Team] package structure
> 
> I know we've talked about our package structure before
> but..
> 
> As I work through this book, I have some fixes and
> additions to our Crytography packages.  Here is a list
> of things I plan to post in the coming days:
> 
>   - addition of entropic sources for seed material
>   - addition of the CTR (counter) cipher mode
>   - addition of the "Fortuna" random generator
>   - fix for seriously broken MillerRabin algorithm
> preventing generation of proper-sized asymmetric keys
> (i.e., for Diffie-Hellman / ElGamal and maybe RSA
> too).
> 
> For the first one "entropic sources for seed
> material".  It individually hashes unpredictable
> strings from the users environment such as:
> 
>   - current directory
>   - Time millisecondClockValue
>   - World imageForm bits compressToByteArray
>   - SmalltalkImage current vmStatisticsReportString
>   - Sensor mousePoint
>   - etc., etc.
> 
> and then finally SHA256 hashes the concatentation of
> all of those hashes.  Slow, but totally unpredictable.
> 
> I've started by implementing SecureRandom
> class>>#entropicSourcesDo: which is used by
> SecureRandom class>>#randomSeed.  But SecureRandom is
> in the "CryptographyBase" package, so I can't use SHA1
> and SHA256.
> 
> It seems to me that many crypto primitives are built
> from other ones.  Wouldn't it be easier to have
> everything back in one package?  What are we trying to
> accomplish here by having them all in separate
> packages?
> 
> How should I proceed?
> 
> Thanks,
>   Chris
> _______________________________________________
> Cryptography mailing list
> Cryptography at lists.squeakfoundation.org
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

More information about the Cryptography mailing list