Authentication and encryption in Squeak

Frank Shearar frank.shearar at rnid.org.uk
Fri Feb 6 10:38:49 UTC 2004


> >>> "Lex Spoon" 02/05/04 16:06 >>>
> 
> Jack Keel <jhkeel at facstaff.wisc.edu> wrote:
> > We are in need of authentication (e.g., secured login to obtain 
> > identity credentials)  and secured TCP/IP (e.g., encryption) 
> > connections in Squeak/Croquet.  I couldn't find much on this in the 
> > Wiki or the list.
> 
> There is a Cryptography package on SqueakMap that should give you the
> necessary building blocks for any protocol you want to devise.  It
> doesn't seem to get much discussion, but that just seems to be because
> it has beaten the problem entirely.  It has a LOT of algorithms in it.
> 
> As for making the protocol, you could either post here, or 
> (better) post
> to a security newsgroup, or (worse) go read Bruce Schneir's Applied
> Crytology book.  Please do get *someone* to review the protocol before
> commiting to it; security protocols are notoriously easy to botch, and
> once the protocol is in use it is hard to fix it.

Schneier and Ferguson's "Practical Cryptography" (which I almost
inevitably spoonerise, to my chagrin) provides examples of how to use
block ciphers, RNGs etc. correctly. It aims to be a handbook to
cryptography and fill up the void that Applied Cryptography failed to
address. Applied Crypto gives you all the references you could want,
and Practical Cryptography tells you how to use them.

The only not-so-great thing about Practical Crypto is that Schneier and
Ferguson tell you not to trust anything that hasn't been reviewed,
analysed, brutalised and mistreated by everyone and everything, and then
they present their brand new, unreviewed PRNG: Fortuna.

frank




More information about the Squeak-dev mailing list