[Cryptography Team] Re: potential to include cryptography in base image

Robert Withers robert.w.withers at gmail.com
Tue Dec 15 10:44:20 UTC 2015


Thank you, Sven, for giving me the opportunity to scope the right mailing 
lists into the discussion.

I love that Pharo is oriented towards business. My particular excitement 
is to see all the scientific computing. These recent threads on 
expanding capacity and targeting marketing are good. I think 
Cryptography in the base, including SecureSession, adds to that effort.

The Cryptography package, both for squeak and the Cryptography-Pharo 
package, are in the Cryptography repository 
(http://www.squeaksource.com/Cryptography). Through the Monticello 
Browser this is a loadable item. The loading of SecureSession, which is 
loadable by both squeak and pharo, is a separate load. I appreciate 
that pharo has established a different mechanism for loading.

At this time, I am deep into fixing ReedSolomon FEC code, so I must be 
conservative (which I am) and defer learning and including Cryptography 
in that mechanism. I must be careful what promises I make and I cannot 
make a commitment here.  If you are interested in seeing this in pharo's 
catalog, then the Cryptography team welcomes new members, especially 
from new environments. Welcome. We appreciate all the work that you do!

Again, I appreciate the opportunity to engage the community in 
discussion around the definition and example of a minimal modular image 
that includes Cryptography & SecureSession in the base.


NB: I think that business computing and scientific computing do not 
equal mobile devices, necessarily. I have long made the case, with 
varying degrees of effectiveness, that squeak belongs on the server. A 
SecureSession & Cryptography capability in the base, minimal, headless 
image is desired: the first question in the OP.

Therefore, the correct target of growth is not mobile, it is BigData!


On 12/15/2015 05:20 AM, Sven Van Caekenberghe wrote:
> Robert,
>
> I think that the Pharo community, part of which is more business oriented, is absolutely interested in more and better Crypto code. In any case, I am.
>
> What we absolutely want, if it is not already the case (I did not check), is that the Crypto code can be loaded using 1 single action (through our validated Monticello configurations and Catalog mechanism) - I am sure you will find help to achieve and maintain (through a CI process) that goal.
>
> Whether it should be a base part of the image is another question. Modularity is a huge goal for Pharo. This is a much harder discussion (as the same can be said of or asked for for many packages that are generally useful: XML, CSV, JSON, SQL, ...). In any case, the first step is the one described in the previous paragraph. Then you need traction, usage, and maybe demand for full inclusion.
>
> Regards,
>
> Sven
>
>> On 15 Dec 2015, at 11:00, Robert Withers <robert.w.withers at gmail.com> wrote:
>>
>> It was suggested to me that I write to the list and raise the question about cryptography being included in the base image. Really I have 3 questions I would ask you all:
>>
>> 	• is it desirable to include cryptography?
>> 	• is it feasible to include cryptography?
>> 	• what is the time frame for including cryptography?
>>
>> Given the thread on password hashing (and salting and so on), there are good, solid implementations in the cryptography package. Looking in the Cryptography repository, there is a Pharo 5.0 compatible Cryptography package.
>>
>> In light of another recent thread discussing random number generation, discussion about the best approach to random algorithms in cryptography ought be engaged. For instance, the SecureRandom algorithm evidently provides some level of guarantee.
>>
>> To underline the solidity I am attaching a profile of all 102 cryptography tests passing green. This profile demonstrates that there are no areas of particular inefficiency - nothing stands out to be improved - means that the entire library is maximally efficient.
>>
>> And so I please ask that we have these discussions, for there is a lot of value in this package for general and basic use.
>>
>>
>> -- 
>> . .. ... ^,^ best, robert
>> <Cryptography Spy Results.text.gz>

-- 
. .. .. ^,^ best, robert

