I know we've talked about our package structure before but..
As I work through this book, I have some fixes and additions to our Crytography packages. Here is a list of things I plan to post in the coming days:
- addition of entropic sources for seed material - addition of the CTR (counter) cipher mode - addition of the "Fortuna" random generator - fix for seriously broken MillerRabin algorithm preventing generation of proper-sized asymmetric keys (i.e., for Diffie-Hellman / ElGamal and maybe RSA too).
For the first one "entropic sources for seed material". It individually hashes unpredictable strings from the users environment such as:
- current directory - Time millisecondClockValue - World imageForm bits compressToByteArray - SmalltalkImage current vmStatisticsReportString - Sensor mousePoint - etc., etc.
and then finally SHA256 hashes the concatentation of all of those hashes. Slow, but totally unpredictable.
I've started by implementing SecureRandom class>>#entropicSourcesDo: which is used by SecureRandom class>>#randomSeed. But SecureRandom is in the "CryptographyBase" package, so I can't use SHA1 and SHA256.
It seems to me that many crypto primitives are built from other ones. Wouldn't it be easier to have everything back in one package? What are we trying to accomplish here by having them all in separate packages?
How should I proceed?
Thanks, Chris
Chris,
The reason for the separate packages is to make it easier for people to find and load what they need. If I only need a cipher then I shouldn't have to load all the packages.
If I understand correctly SecureRandom relies on external packages, so either the external packages become part of base, or SecureRandom needs to come out of base, and should have SHA1 and SHA256 as a prerequisite. (I'm not sure how to define prerequisites in MC maybe Cees or someone can help there).
I would vote for pulling SecureRandom out of base. I believe there are benefits to having multiple packages. I wouldn't want to see that removed, if anything having separate packages, having to stop and decipher what the package names mean, as a first place to start understanding cryptography is useful in itself. What does everyone else think?
Ron Teitelbaum
-----Original Message----- From: cryptography-bounces@lists.squeakfoundation.org [mailto:cryptography-bounces@lists.squeakfoundation.org] On Behalf Of Chris Muller Sent: Monday, February 13, 2006 4:10 PM To: cryptography@lists.squeakfoundation.org Subject: [Cryptography Team] package structure
I know we've talked about our package structure before but..
As I work through this book, I have some fixes and additions to our Crytography packages. Here is a list of things I plan to post in the coming days:
- addition of entropic sources for seed material
- addition of the CTR (counter) cipher mode
- addition of the "Fortuna" random generator
- fix for seriously broken MillerRabin algorithm
preventing generation of proper-sized asymmetric keys (i.e., for Diffie-Hellman / ElGamal and maybe RSA too).
For the first one "entropic sources for seed material". It individually hashes unpredictable strings from the users environment such as:
- current directory
- Time millisecondClockValue
- World imageForm bits compressToByteArray
- SmalltalkImage current vmStatisticsReportString
- Sensor mousePoint
- etc., etc.
and then finally SHA256 hashes the concatentation of all of those hashes. Slow, but totally unpredictable.
I've started by implementing SecureRandom class>>#entropicSourcesDo: which is used by SecureRandom class>>#randomSeed. But SecureRandom is in the "CryptographyBase" package, so I can't use SHA1 and SHA256.
It seems to me that many crypto primitives are built from other ones. Wouldn't it be easier to have everything back in one package? What are we trying to accomplish here by having them all in separate packages?
How should I proceed?
Thanks, Chris _______________________________________________ Cryptography mailing list Cryptography@lists.squeakfoundation.org http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
Hi Chris and all, I think I agree with Ron, perhaps we should take SecureRandom (and RandomPool) out of the base. About collecting randomness, do you think we need SecureRandom class>>#entropicSourcesDo:? Shouldn't we use a RandomPool?
Luciano
On 2/13/06, Chris Muller chris@funkyobjects.org wrote:
I know we've talked about our package structure before but..
As I work through this book, I have some fixes and additions to our Crytography packages. Here is a list of things I plan to post in the coming days:
- addition of entropic sources for seed material
- addition of the CTR (counter) cipher mode
- addition of the "Fortuna" random generator
- fix for seriously broken MillerRabin algorithm
preventing generation of proper-sized asymmetric keys (i.e., for Diffie-Hellman / ElGamal and maybe RSA too).
For the first one "entropic sources for seed material". It individually hashes unpredictable strings from the users environment such as:
- current directory
- Time millisecondClockValue
- World imageForm bits compressToByteArray
- SmalltalkImage current vmStatisticsReportString
- Sensor mousePoint
- etc., etc.
and then finally SHA256 hashes the concatentation of all of those hashes. Slow, but totally unpredictable.
I've started by implementing SecureRandom class>>#entropicSourcesDo: which is used by SecureRandom class>>#randomSeed. But SecureRandom is in the "CryptographyBase" package, so I can't use SHA1 and SHA256.
It seems to me that many crypto primitives are built from other ones. Wouldn't it be easier to have everything back in one package? What are we trying to accomplish here by having them all in separate packages?
How should I proceed?
Thanks, Chris
cryptography@lists.squeakfoundation.org