Hi crypto-squeakers,
I just signed up for the list, and I come with a friendship-offering
of code!
Before we get to the goodies, a few words about myself...
I've been a Squeaker since '98 or so, and have always found
cryptography fascinating. Like everyone, I don't have the time to
engage in everything that I find interesting. Lucky for me, my job
now gives me a reason to use and contribute the Squeak crypto
codebase. I probably won't tackle broad framework issues (it looks
like everyone is doing a fine job, anyway), but I expect to at least
provide primitive implementations for a cipher or two.
The task at hand is to implement a custom audio- and video-
conferencing framework, and it needs to be secure. It doesn't need
to follow standards such as SRTP (thank goodness, given the
timeline), but it does need to perform well. Therefore, it needs to
be implemented over UDP. I intend to implement a transport layer
similar to DTLS (google rfc4347). Since this requires a cipher that
can efficiently reset its state from an initialization vector (thus
ruling out RC4, which we have been using for other purposes), I'll
probably want to use Rijndael.
Now for the goodies. I have two .mcz files that I'm attaching; I
trust that they're small enough to not inconvenience anyone on dial-up:
Cryptography-Core.jcg.18
- some speed improvements
- a simple framework for using insecure ciphers, but not accidentally
Cryptography-Insecure
- a couple of trivial, insecure block ciphers for use in testing
I don't fancy always sending .mcz files to the list... how does one
get commit access to the repository? Or should I (for now) just
send .mcz files privately to a team member who does have commit access?
Thanks for all the work that everyone has done, it looks great!
Cheers,
Josh