[Cryptography Team] Re: potential to include cryptography in base
image
Robert Withers
robert.w.withers at gmail.com
Tue Dec 15 10:44:20 UTC 2015
Thank you, Sven, giving me the opportunity to scope the right mailing
lists into the discussion.
I love that Pharo is oriented towards business. My particular excitement
is to see all the scientific computing. These recent threads on
expanding capacity and targeting marketing are good. I think
Cryptography in the base, including SecureSession, adds to that effort.
The Cryptography package, both for squeak and the Cryptography-Pharo
package, and in the Cryptography repository
(http://www.squeaksource.com/Cryptography. Through the Monticello
Browser this is a loadable item. The loading of SecureSession, which is
loadable by both squeak and pharo, ois a separate load. I appreciate
that pharo has established a different mechanism for loading.
At this time, I am deep into fixing ReedSolomon FEC code, so I must be
conservative (which I am) and defer learning and including Cryptography
in that mechanism. I must be careful what promises I make and I cannot
make a commitment here. If you are interested in seeing this in pharo's
catalog, then the Cryptography team welcomes new members, especially
from new environments. Welcome. We appreciate all the work that you do!
Again, I appreciate the opportunity to engage the community in
discussion around the definition and example of a minimal modular image
that includes Cryptography & SecureSession in the base.
NB: I think that business computing and scientific computing does not
equal mobile devices, necessarily. I have long made the case, with
varying degrees of effectiveness, that squeak belongs on the server. A
SecureSession & Cryptography capability in the base, minimal, headless
image is desired: the first question in the OP.
Therefore, the correct target of growth is not mobile, it is BigData!
On 12/15/2015 05:20 AM, Sven Van Caekenberghe wrote:
> Robert,
>
> I think that the Pharo community, part of which is more business oriented, is absolutely interested in more and better Crypto code. In any case, I am.
>
> What we absolutely want, if it is not already the case (I did not check), is that the Crypto code can be loaded using 1 single action (through our validated Monticello configurations and Catalog mechanism) - I am sure you will find help to achieve and maintain (through a CI process) that goal.
>
> Whether it should be a base part of the image is another question. Modularity is a huge goal for Pharo. This is a much harder discussion (as the same can be said of or asked for for many packages that are generally useful: XML, CSV, JSON, SQL, ...). In any the case, the first step is the one described in the previous paragraph. Then you need traction, usage, and maybe demand for full inclusion.
>
> Regards,
>
> Sven
>
>> On 15 Dec 2015, at 11:00, Robert Withers <robert.w.withers at gmail.com> wrote:
>>
>> It was suggested to me that I write to the list and raise the question about cryptography being included in the base image. Really I have 3 questions I would ask you all:
>>
>> • is it desirable to include cryptography?
>> • is it feasible to include cryptography?
>> • what is the time frame for including cryptography?
>> Given the thread on password hashing (and salting and so on), there are good, solid implementations in the cryptography package. Looking in the Cryptography repository, there is a Pharo 5.0 compatible Cryptography package.
>>
>> In light of another recent thread discussing random number generation, discussion about the best approach to random algorithms in cryptography ought be engaged. For instance, the SecureRandom algorithm evidently provides some level of guarantee.
>>
>> To underline the solidity I am attaching a profile of all 102 cryptography tests passing green. This profile demonstrates that there are no areas of particular inefficiency - nothing stands out to be improved - means that the entire library is maximally efficient.
>>
>> And so I please ask that we have these discussions, for there is a lot of value in this package for general and basic use.
>>
>>
>> --
>> . .. ... ^,^ best, robert
>> <Cryptography Spy Results.text.gz>
--
. .. .. ^,^ best, robert
More information about the Cryptography
mailing list