[Vm-dev] Re: SqueakSSL fixes
Paul DeBruicker
pdebruic at gmail.com
Mon Feb 17 19:27:13 UTC 2014
Hi Ron,
I agree with everything you said. Its my undesrtanding that the use of the
PRNG data will be for things like the Seaside specific _s session keys and
_k callback keys and cookies. Not any kind of secure streaming protocol.
Since SqueakSSL now ships with Eliot's vm and the pharo vm it seems like a
convenient, better source than the Random class on those platforms.
Thanks
Paul
Ron Teitelbaum wrote
>> From: Paul DeBruicker
>>
>>
>> Göran Krampe wrote
>> >
>> > ...phew. Ok, let me know if you need anything more and ask questions.
>> >
>> > regards, Göran
>>
>>
>> Hi Göran,
>>
>> On the Seaside Dev list there was a discussion about accessing RAND_bytes
>> from
>> OpenSSL via the SqueakSSL plugin for secure key generation. Is that
>> something
>> that would be possible to add to the SqueakSSL plugin at this time?
>>
>> The discussion is here:
>>
>> http://forum.world.st/Seaside-Security-td4742433.html
>>
>
> Hi Paul,
>
> I may be missing something so maybe you could answer a question for me.
> The best cryptography is the simplest for developers to implement. I
> understand wanting to provide crypto components, that's what we did with
> the Cryptography Team. SqueakSSL is a much better solution for adding
> security to end user (developers) of seaside. The reason for this is that
> all of the technical details are left for the professionals. SqueakSSL
> uses OpenSSL on Linux and the windows security implementation on windows,
> and the apple security implementation on mac. You really can't get better
> than that. SqueakSSL eliminates your need for PRNG, since it is used and
> implemented properly on each platform. So given that, why do you need
> PRNG? If you are implementing your own secure stream, you had better know
> what you are doing, in which case PRNG becomes less of an issue, since
> there are a lot of platform specific solutions.
>
> If you are sure you need it we did one in Cryptography which might be
> useful. If you really feel like you need a proper platform specific
> random generator see the Croquet plugin and TCryptoRandom.
>
> Also if you are planning on using SSL on a Linux server I would highly
> recommend using STUD.
>
> All the best,
>
> Ron Teitelbaum
>
>>
>> Thanks
>>
>> Paul
>>
>>
>>
>> --
>> View this message in context: http://forum.world.st/SqueakSSL-fixes-
>> tp4743244p4744392.html
>> Sent from the Squeak VM mailing list archive at Nabble.com.
--
View this message in context: http://forum.world.st/SqueakSSL-fixes-tp4743244p4744443.html
Sent from the Squeak VM mailing list archive at Nabble.com.
More information about the Vm-dev
mailing list