[Cryptography Team] CTR mode, SecureRandom, ElGamal updates

Chris Muller chris at funkyobjects.org
Thu Feb 16 06:29:13 CET 2006 

Hi, this is just note to keep everyone informed about
what I've done.  Sorry its long, I will try to keep it
newsworthy and dense.   I have begun committing my
initial Cryptography improvements as promised.  I just
committed the following to our repository:

For CryptographyBase:

- Updated all usages of standard Random to use
SecureRandom.  This now allows calculation of 512,
1024, 2048 and, computational power permitting, larger
keys.  According to Schneier, Ferguson - "Practical
Cryptography" p. 217:
	"A prime of 2048 bits can be expected to secure data
until around 2022; 3072 bits is secure until 2038; and
4096 bits until 2050." ...  "Be careful with these
kinds of predictions."

- Extended SecureRandom with #nextInt: and
#nextFrom:to:.  The implementation just keeps calling
nextBits: until an in-range is returned, and it passed
a simple dispersion test.

- As a substitute for Collection
class>>#randomForPicking, we now have SecureRandom
class>>#picker.  This keys of this are wiped out and
regenerated on every image save, since saving the key
to disk is not recommended.

- Added SecureRandom class>>#withGeneratedKey.  This
enumerates a series of relatively unpredictable
Strings such as the bitmap of the current Squeak
desktop, mouse position, Timer values, etc.

- Fixed printOn:


For Cryptography-Core:

- Addition of CTR (counter) cipher mode.  In
"Practical Cryptography" Schneier reasons this is
preferred mode due to its simple implementation and no
need for padding.

- Added LargePositiveInteger>>#destroy to permit
wiping of keys from the image at proper times.


For Cryptography-ElGamal

- Now using SecureRandom instead of (insecure) Random.


For Cryptography-Tests

- The ElGamal cryptography tests let us down in terms
of testing for practical usage.  They were using
15-bit keys which totally obscured the problem with
the Random, which could not even generate numbers
large enough for the primes associated with 2048-bit
asymmetric keys (not to mention 1024 and 512!). 
Therefore, I upgraded the tests to use 384
(generated), 512, 1024, 2048 bit ElGamal keys.  The
2048-bit took 10 hours (!!) to generate, so I
instantiate with its #storeString so that the tests
run quickly.

- Also beefed up the associated DiffieHellman test to
use 384 bit keys (probably should test these with the
same key sizes as ElGamel).

- Because of the enhanced tests, there are more
methods, so I recategorized according to what they are
testing; "ElGamal", "DSA", "RSA", etc.  However, I'm
beginning to think we should move these tests to their
individual packages of what they're testing.  What
does everyone else think?

That's all for now, I hope you like it..!

 - Chris

More information about the Cryptography mailing list