[Pharo-dev] [squeak-dev] [Cryptography port to Pharo] RandomGenerator class>>unpredictableStringsDo:Robert Withers robert.w.withers at gmail.comThu Oct 22 13:15:27 UTC 2015
Thanks for the link and the name, Ron. When SFLC get back to me I will mention Dan's involvement. Best, Robert On 10/20/2015 10:23 PM, Ron Teitelbaum wrote: >> From: Pharo-dev [mailto:pharo-dev-bounces at lists.pharo.org] On Behalf Of >> Robert Withers >> Subject: Re: [Pharo-dev] [squeak-dev] [Cryptography port to Pharo] >> RandomGenerator class>>unpredictableStringsDo: >> >> Ron, >> >> I checked that email and there is no mention of who it was sent to now this >> SFLC advisors. Ok that must be the Software Freedom Law Center. I just >> reached out to them on this. > [Ron Teitelbaum] > It was set to Dan Ravicher but not sure if he is still there. > > http://lists.squeakfoundation.org/pipermail/cryptography/2005-November/000084.html > >> Thank you, >> Robert >> >> On 10/19/2015 06:25 PM, Ron Teitelbaum wrote: >>> Hi Robert, >>> >>> I went back and reviewed and this is what I sent to BIS. >>> >>> http://lists.squeakfoundation.org/pipermail/cryptography/2006-January/ >>> 000117.html >>> >>> Not much to it but we got a lot of advice from SFLC first. >>> >>> >From our research OS projects are allowed to host cryptographic code >>>> and make available for anyone to download. BUT that does not exclude >>>> users of the code from being restrained from exporting that code to >>>> any USA identified restricted entities. For example: >>>> http://www.state.gov/j/ct/list/c14151.htm >>> I would recommend at the very least to register the repo with the BIS for >> Pharo, but I would also contact the SFLC to verify nothing has changed. >>> All the best, >>> >>> Ron >>> >>>> -----Original Message----- >>>> From: Pharo-dev [mailto:pharo-dev-bounces at lists.pharo.org] On Behalf >>>> Of Robert Withers >>>> Sent: Monday, October 19, 2015 5:28 PM >>>> To: The general-purpose Squeak developers list; 'Chris Muller' >>>> Cc: 'Pharo Development List' >>>> Subject: Re: [Pharo-dev] [squeak-dev] [Cryptography port to Pharo] >>>> RandomGenerator class>>unpredictableStringsDo: >>>> >>>> (resending with Pharo list) >>>> >>>> Ron, would it be an easy process to add a second URL to the exception >>>> paperwork. Pharo does have new ideas about code storage and >>>> distribution that we would want to take advantage of. This would help a >> lot! >>>> Then again, screw their paperwork requirements of us. Put my name as >>>> responsible on the Pharo code and I'll take a trip to Cuba, if they >>>> need a scape goat for their 20th century thinking. Crypto is already >>>> out of the bag and everyone uses it freely. Just do it and ask permission >> later. >>>> In thinking about consolidating crypto code between squeak and pharo, >>>> I would guess there would be a thin capatibility layer for each >>>> system, then the Crypto code in the main. My goal is to have >>>> compatibility, crypto and plugins on both virtual platforms. >>>> >>>> Thanks so much ^^ >>>> >>>> Robert >>>> >>>> On 10/19/2015 05:17 PM, Ron Teitelbaum wrote: >>>>> Hi Chris, >>>>> >>>>> The exemption is not for the location of the server but the URL >>>>> where it is >>>> hosted. I'm happy to help in any way I can but I don't have access >>>> to the Pharo Repos. I have no issue with having Pharo packages on >>>> SqueakSource if that is what everyone agrees too. We have multiple >> packages hosted there. >>>> It's ok with me if we host some pharo code there too. >>>>> All the best, >>>>> >>>>> Ron >>>>> >>>>>> -----Original Message----- >>>>>> From: Chris Muller [mailto:ma.chris.m at gmail.com] >>>>>> Sent: Monday, October 19, 2015 3:59 PM >>>>>> To: Ron Teitelbaum >>>>>> Cc: Pharo Development List; The general-purpose Squeak developers >>>>>> list >>>>>> Subject: Re: [Pharo-dev] [squeak-dev] [Cryptography port to Pharo] >>>>>> RandomGenerator class>>unpredictableStringsDo: >>>>>> >>>>>> Heh, well, since then SqueakSource itself was moved to a different >>>>>> server in a different country. I guess there was also a mirror of >>>>>> SqueakSource hosted in Chile under a different URL for many years. >>>>>> >>>>>> I'm doubtful any of it matters, but we wouldn't want anyone to end >>>>>> up in Gitmo over it. If you're uncomfortable about hosting a copy >>>>>> elsewhere, then please at least namespace-prefix the Pharo-specific >>>>>> packages, to at least help keep it from becoming a tangled mess. >>>>>> >>>>>> On Mon, Oct 19, 2015 at 2:39 PM, Ron Teitelbaum >> <ron at usmedrec.com> >>>>>> wrote: >>>>>>> Hi All, >>>>>>> >>>>>>> Unless someone filed the proper paperwork I would suggest NOT >>>>>>> moving >>>>>> the cryptography code anywhere except for SqueakSource. When we >>>>>> started the project we spent time ensuring that we had a proper >>>>>> exemption from the U.S. regulations on exporting cryptographic code. >>>>>> If someone copied and forked the code that exemption may not still >>>>>> apply to that new repository. >>>>>>> I'm not personally involved with the code on Pharo, not sure who >>>>>>> is doing >>>>>> crypto there. >>>>>>> All the best, >>>>>>> >>>>>>> Ron >>>>>>> >>>>>>>> -----Original Message----- >>>>>>>> From: Pharo-dev [mailto:pharo-dev-bounces at lists.pharo.org] On >>>>>>>> Behalf Of Chris Muller >>>>>>>> Sent: Monday, October 19, 2015 2:47 PM >>>>>>>> To: The general-purpose Squeak developers list >>>>>>>> Cc: Pharo Development List >>>>>>>> Subject: Re: [Pharo-dev] [squeak-dev] [Cryptography port to >>>>>>>> Pharo] RandomGenerator class>>unpredictableStringsDo: >>>>>>>> >>>>>>>> Yes, if a common package for both Squeak and Pharo is possible, >>>>>>>> that'd be great. Otherwise, the Squeak and Pharo versions should >>>>>>>> reside in separate repositories. Squeak users are still using >>>>>>>> squeaksource.com, Pharo moved to smalltalkhub and beyond.. >>>>>>>> >>>>>>>> On Mon, Oct 19, 2015 at 1:42 PM, Robert Withers >>>>>>>> <robert.w.withers at gmail.com> wrote: >>>>>>>>> hey Ron, >>>>>>>>> >>>>>>>>> It was actually the Pharo Cryptography team I was thinking of. >>>>>>>>> Perhaps we can get the same package to work in both squeak and >>>>>>>>> Pharo, with use of installable entropy sources or the like. In >>>>>>>>> order to get SqueakElib running in Pharo I need crypto and we >>>>>>>>> may as >>>>>> well do it right. >>>>>>>>> Cheers, >>>>>>>>> Robert >>>>>>>>> >>>>>>>>> >>>>>>>>> On 10/19/2015 02:28 PM, Ron Teitelbaum wrote: >>>>>>>>>> Hi Robert, >>>>>>>>>> >>>>>>>>>> You are already on the Cryptograph repo on SqueakSource.com as >>>>>>>>>> an >>>>>>>> admin. >>>>>>>>>> Please feel free to reorg if you like. >>>>>>>>>> >>>>>>>>>> Let me know if you have trouble resurrecting your account. >>>>>>>>>> >>>>>>>>>> All the best, >>>>>>>>>> >>>>>>>>>> Ron >>>>>>>>>> >>>>>>>>>>> -----Original Message----- >>>>>>>>>>> From: squeak-dev-bounces at lists.squeakfoundation.org >>>>>>>>>>> [mailto:squeak-dev- bounces at lists.squeakfoundation.org] On >>>>>>>>>>> Behalf Of Robert Withers >>>>>>>>>>> Sent: Monday, October 19, 2015 1:53 PM >>>>>>>>>>> To: squeak-dev at lists.squeakfoundation.org >>>>>>>>>>> Subject: Re: [squeak-dev] [Pharo-dev] [Cryptography port to >>>>>>>>>>> Pharo] RandomGenerator class>>unpredictableStringsDo: >>>>>>>>>>> >>>>>>>>>>> This is great guys. Is there a way to get this from the image? >>>>>>>>>>> Good to get >>>>>>>>>> it >>>>>>>>>>> with an FFI/OSProcess call or something. >>>>>>>>>>> >>>>>>>>>>> Thank you, >>>>>>>>>>> Robert >>>>>>>>>>> >>>>>>>>>>> On 10/19/2015 08:58 AM, Louis LaBrunda wrote: >>>>>>>>>>>> Hi Guys, >>>>>>>>>>>> >>>>>>>>>>>> How about getting the CPU temperature. I think most CPUs >>>>>>>>>>>> support "Digital Thermal Sensor" (I'm not sure about ARM). I >>>>>>>>>>>> think it is seven bits. The real range should be less than >>>>>>>>>>>> that but it may be enough to help add some entropy. >>>>>>>>>>>> >>>>>>>>>>>> Lou >>>>>>>>>>>> >>>>>>>>>>>> On Mon, 19 Oct 2015 07:39:19 -0400, Robert Withers >>>>>>>>>>>> <robert.w.withers at gmail.com> wrote: >>>>>>>>>>>> >>>>>>>>>>>>> Hi Ron , nice to see you too! It has been a number of years, >>>>>>>>>>>>> hasn't >>>>>> it? >>>>>>>>>>>>> Crypto is timestamped back in 2010, so there is is. I hope >>>>>>>>>>>>> these have been kind years to you, as they have for me. >>>>>>>>>>>>> >>>>>>>>>>>>> I love the idea of optional sources of entropy, depending on >>>>>>>>>>>>> the deployed capabilities. So there are our mouse points and >>>>>>>>>>>>> such, because they ought to be optional. >>>>>>>>>>>>> >>>>>>>>>>>>> What are some reliably present sources in the most minimal >>>>>>>> situation? >>>>>>>>>>>>> If we could define minimal as an image with no image level >>>>>>>>>>>>> I/O beyond file I/O, I would think we'd have: Kernel, >>>>>>>>>>>>> System, Collections, Compiler and FFI. Some intransitives in >>>>>>>>>>>>> that scope for entropy would be >>>>>>>>>>> grand. >>>>>>>>>>>>> I was thinking to take 5 millisecondClockValues, separated >>>>>>>>>>>>> by >>>>>>>>>>>>> 4 non-secure random intervals: take the low order byte of >>>>>>>>>>>>> the >>>>>>>>>>>>> 4 intervals and reverse & concat them, as a entropic source. >>>>>>>>>>>>> >>>>>>>>>>>>> I can coordinate these changes. Ron, could you add me to the >>>>>>>>>>>>> Cryptography team so I can upload the Pharo Cryptography >>>>>>>>>>> #bleedingEdge? >>>>>>>>>>>>> Thanks and I look forward to more, :) >>>>>>>>>>>>> >>>>>>>>>>>>> Robert >>>>>>>>>>>>> >>>>>>>>>>>>> On 10/18/2015 02:38 PM, Ron Teitelbaum wrote: >>>>>>>>>>>>>> Hi Robert, >>>>>>>>>>>>>> >>>>>>>>>>>>>> Nice to see you! >>>>>>>>>>>>>> >>>>>>>>>>>>>> Looks interesting I know that Chris did something gathering >>>>>>>>>>>>>> sources of >>>>>>>>>>> entropy. Seems like the more the better. Could you just make >>>>>>>>>>> the entropy sources optional such that if they exist we use them? >>>>>>>>>>> I would have to go back and see what Chris did but he was >>>>>>>>>>> following suggestions from Schneider in his secureRandom. >>>>>>>>>>>>>> All the best, >>>>>>>>>>>>>> >>>>>>>>>>>>>> Ron Teitelbaum >>>>>>>>>>>>>> >>>>>>>>>>>>>>> -----Original Message----- >>>>>>>>>>>>>>> From: Pharo-dev [mailto:pharo-dev- >> bounces at lists.pharo.org] >>>>>>>>>>>>>>> On Behalf Of Robert Withers >>>>>>>>>>>>>>> Sent: Sunday, October 18, 2015 5:00 AM >>>>>>>>>>>>>>> To: The general-purpose Squeak developers list; Pharo >>>>>>>>>>>>>>> Development List >>>>>>>>>>>>>>> Subject: Re: [Pharo-dev] [Cryptography port to Pharo] >>>>>>>>>>>>>>> RandomGenerator >>>>>>>>>>>>>>> class>>unpredictableStringsDo: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> I'm sorry, I forgot the code. I list the existing method, >>>>>>>>>>>>>>> followed by my modified Pharo method below. I welcome >> any >>>>>>>> feedback. >>>>>>>>>>>>>>> Regards, >>>>>>>>>>>>>>> Robert >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> --- >>>>>>>>>>>>>>> Existing: >>>>>>>>>>>>>>> unpredictableStringsDo: aBlock >>>>>>>>>>>>>>> "Enumerate sources of information from my >>>>>>>>>>>>>>> environment that >>>>>>>>>>> should >>>>>>>>>>>>>>> be generally hard to guess." >>>>>>>>>>>>>>> | time | >>>>>>>>>>>>>>> time := Time millisecondsToRun: >>>>>>>>>>>>>>> [ aBlock >>>>>>>>>>>>>>> value: World imageForm bits >>>>>>>>>>>>>>> compressToByteArray ; >>>>>>>>>>>>>>> value: Sensor mousePoint x asString ; >>>>>>>>>>>>>>> value: Sensor mousePoint y asString ; >>>>>>>>>>>>>>> value: Time >>>>>>>>>>>>>>> millisecondClockValue asByteArray ; >>>>>>>>>>>>>>> value: Date today asString ; >>>>>>>>>>>>>>> value: Time now asString ; >>>>>>>>>>>>>>> value: Display extent asString. >>>>>>>>>>>>>>> 100 timesRepeat: [ aBlock value: UUID new ]. >>>>>>>>>>>>>>> #(vmVersion platformName primVmPath >>>>>>>>>>>>>>> imageName >>>>>>>>>>> platformSubtype >>>>>>>>>>>>>>> datedVersion lastQuitLogPosition vmStatisticsReportString >>>>>>>>>>>>>>> imageName) >>>>>>>>>>>>>>> collect: >>>>>>>>>>>>>>> [ : each | >>>>>>>>>>>>>>> aBlock value: (SmalltalkImage >>>>>>>>>>>>>>> current >>>>>>>>>>>>>>> perform: each) >>>>>>>>>>> asByteArray >>>>>>>>>>>>>>> ] ]. >>>>>>>>>>>>>>> aBlock >>>>>>>>>>>>>>> value: time asByteArray; >>>>>>>>>>>>>>> "maybe the pointer has moved, hit it again." >>>>>>>>>>>>>>> value: Sensor mousePoint asString ; >>>>>>>>>>>>>>> value: Time millisecondClockValue >>>>>>>>>>>>>>> asByteArray >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> --- >>>>>>>>>>>>>>> Pharo port: >>>>>>>>>>>>>>> unpredictableStringsDo: aBlock >>>>>>>>>>>>>>> "Enumerate sources of information from my >>>>>>>>>>>>>>> environment that >>>>>>>>>>> should >>>>>>>>>>>>>>> be generally hard to guess." >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> | time | >>>>>>>>>>>>>>> time := Time millisecondsToRun: >>>>>>>>>>>>>>> [ aBlock >>>>>>>>>>>>>>> value: Time >>>>>>>>>>>>>>> millisecondClockValue asByteArray ; >>>>>>>>>>>>>>> value: Date today asString ; >>>>>>>>>>>>>>> value: Time now asString. >>>>>>>>>>>>>>> 100 timesRepeat: [ aBlock value: UUID new ]. >>>>>>>>>>>>>>> #(version primImagePath imagePath >>>>>>>>>>>>>>> datedVersion >>>>>>>>>>>>>>> lastQuitLogPosition) >>>>>>>>>>>>>>> collect: >>>>>>>>>>>>>>> [ : each | >>>>>>>>>>>>>>> aBlock value: (SmalltalkImage >>>>>>>>>>>>>>> current >>>>>>>>>>>>>>> perform: each) >>>>>>>>>>> asByteArray >>>>>>>>>>>>>>> ] ]. >>>>>>>>>>>>>>> aBlock >>>>>>>>>>>>>>> value: time asByteArray; >>>>>>>>>>>>>>> value: Time millisecondClockValue >>>>>>>>>>>>>>> asByteArray >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> On 10/18/2015 04:23 AM, Robert Withers wrote: >>>>>>>>>>>>>>>> This is a message intended for anyone who was on the >>>>>>>>>>>>>>>> Cryptography >>>>>>>>>>> team. >>>>>>>>>>>>>>>> I recently ported it to Pharo and had to make changes to >>>>>>>>>>>>>>> RandomGenerator >>>>>>>>>>>>>>>> class>>unpredictableStringsDo:. This certainly removed >>>>>>>>>>>>>>>> class>>some uncertainty >>>>>>>>>>>>>>>> from the results of this message. My question is what >>>>>>>>>>>>>>>> should I do about that? This method seems to require >>>>>>>>>>>>>>>> non-headless, as it is checking the mouse point and such. >>>>>>>>>>>>>>>> This being a crypto cornerstone, what the best answer >> here. >>>>>>>>>>>>>>>> Thank you, >>>>>>>>>>>>>>>> Robert >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>> ----------------------------------------------------------- >>>>>>>>>>>> Louis LaBrunda >>>>>>>>>>>> Keystone Software Corp. >>>>>>>>>>>> SkypeMe callto://PhotonDemon >>>>>>>>>>>> mailto:Lou at Keystone-Software.com http://www.Keystone- >>>>>>>> Software.com >>>>>>>>>> >>> > >
More information about the Squeak-dev mailing list |