--------------------------------------------------
From: "Andreas Raab" <andreas.raab at gmx.de>
Sent: Thursday, September 02, 2010 4:59 PM
To: "The general-purpose Squeak developers list" 
<squeak-dev at lists.squeakfoundation.org>
Subject: [squeak-dev] Re: [Cryptography 
Team]Re:DigitalSignatureAlgorithm>>#initRandomNonInteractivelyisnot random

> On 9/2/2010 1:43 PM, Chris Muller wrote:
>> Shouldn't we stay with the same naming convention, "Cryptography"?
>
> Fine either way. Though the argument could be made that for compatibility 
> it might be useful to leave the current "Cryptography" alone and have the 
> new packages use slightly different naming conventions, such that:
>
> Crypto + Certificates = Cryptography.
>
> But like I said I'm good either way.

Me too.  Since we will continue to store Certificates package in the 
Cryptography repository, I think it makes sense to rename to Certificates.


>> If RSA is in Cryptography-Core, shouldn't ElGamal and DiffieHellman
>> belong in core as well?
>
> Could do. I'm not the expert here, so I'll let others comment. My main 
> dividing line is that the core should contain what is widely used and 
> practical (i.e., performs well enough to be used in practice).

Currently in Core:

ARC4
MD5
DES/TripleDES
Rijndael(AES)
SHA1
SHA256
DSA/Generator/PublicKey/PrivateKey
RSA/Generator/Key/PrivateKey
ElGamal/Generator/PublicKey/PrivateKey
DiffieHellman
SecureRandom

(in Core-Utilities

Fortuna
PrimesFinder
primitive wrappers
other stuff)

Currently in Extras:

ARC2
MD2
MD4

> As a consequence, MD5, SHA1, SHA256 are all obvious choices since they're 
> both widely used and perform well (with prims at least and we may require 
> that),

We have prims, located in the Cryptography repository, for:

DES
DSA
MD5
SHA256

> whereas for example MD2, MD4 (outdated) and DiffieHellman (WAY too slow) 
> are not.

Andreas, I use DiffieHellman for key exchange in my system.  It is 
considered slow?  It is a one time use in a connection...

> RSA, on the other hand, is somewhere in the middle - it performs 
> reasonably well (we use it for key exchange in our products) but one could 
> easily argue that it's not a common enough feature to be required in Core. 
> Not sure on ElGamal.

How do you use RSA for key exchange?

>
> But in any case, I think I'll leave this to the experts, which I think is 
> you, Rob and Ron :-)

That's what I got,
Rob

>
> Cheers,
>   - Andreas
>
>>
>>
>> On Sat, Aug 28, 2010 at 6:30 AM, Rob Withers<reefedjib at gmail.com>  wrote:
>>>
>>>
>>> --------------------------------------------------
>>> From: "Bert Freudenberg"<bert at freudenbergs.de>
>>> Sent: Saturday, August 28, 2010 7:13 AM
>>> To: "The general-purpose Squeak developers list"
>>> <squeak-dev at lists.squeakfoundation.org>
>>> Subject: Re: [Cryptography
>>> Team]Re:[squeak-dev]DigitalSignatureAlgorithm>>#initRandomNonInteractivelyisnot
>>> random
>>>
>>>>
>>>> On 28.08.2010, at 12:59, Rob Withers wrote:
>>>>
>>>>>
>>>>>
>>>>> --------------------------------------------------
>>>>> From: "Bert Freudenberg"<bert at freudenbergs.de>
>>>>> Sent: Saturday, August 28, 2010 6:42 AM
>>>>> To: "The general-purpose Squeak developers list"
>>>>> <squeak-dev at lists.squeakfoundation.org>
>>>>> Cc: "Squeak Crypto"<cryptography at lists.squeakfoundation.org>
>>>>> Subject: Re: [Cryptography Team]
>>>>> Re:[squeak-dev]DigitalSignatureAlgorithm>>#initRandomNonInteractivelyis 
>>>>> not
>>>>> random
>>>>>
>>>>>> It's best to first publish to the inbox. You do not need special
>>>>>> permissions for that. Once we're happy with the packages we move them 
>>>>>> over
>>>>>> to trunk.
>>>>>
>>>>> Done.   The following packages are in the Inbox:
>>>>>
>>>>> CryptoCore
>>>>> CryptoCoreTests
>>>>> CryptoExtras
>>>>> CryptoExtrasTests
>>>>> CryptoCerts
>>>>> CryptoCertsTests
>>>>>
>>>>> All tests pass, although I have not tried to load just CryptoCore and
>>>>> CryptoCoreTests and run its tests.
>>>>>
>>>>> Rob
>>>>
>>>> Ah, should have commented on the package names - didn't think you're
>>>> *that* fast ;)
>>>
>>> I did the work last night.
>>>
>>>>
>>>> The convention is to use hyphenation. As Andreas suggested, that would 
>>>> be
>>>> "Crypto-Core", "Crypto-Core-Tests" etc.
>>>
>>> The problem with that approach is the the Test package gets included 
>>> with
>>> the core package.  In the example of "Kernel" and "KernelTests" 
>>> hyphenation
>>> is not used.
>>>
>>> Rob
>>>
>>>
>>>
>>>
>>
>>
>
>
>