[Cryptography Team] Re: [squeak-dev] DigitalSignatureAlgorithm>>#initRandomNonInteractively is not random

Rob Withers reefedjib at gmail.com
Mon Aug 23 15:09:14 UTC 2010


Hi Chris,

It works really well.  The only issue now is the DigitalSignatureAlgorithm 
is located in the core squeak image and the changes I made are in the 
Cryptography package.   It would be nice to fold Cryptography into the core 
squeak image, or pull DigitalSignatureAlgorithm out into Cryptography.

Rob

--------------------------------------------------
From: "Chris Muller" <asqueaker at gmail.com>
Sent: Sunday, August 22, 2010 5:35 PM
To: "The general-purpose Squeak developers list" 
<squeak-dev at lists.squeakfoundation.org>
Cc: "Squeak Crypto" <cryptography at lists.squeakfoundation.org>
Subject: [Cryptography Team] Re: [squeak-dev] 
DigitalSignatureAlgorithm>>#initRandomNonInteractively is not random

> Good, SecureRandom employs its #generateKey method (on the class side)
> to initialize its 'picker' (class-instance var).  This was intended to
> serve as a globally usable SecureRandom so that clients like
> DigitalSignatureAlgorithm would not have to define their own.
>
> On Sat, Aug 21, 2010 at 5:30 AM, Rob Withers <reefedjib at gmail.com> wrote:
>> I found a problem with
>> DigitalSignatureAlgorithm>>#initRandomNonInteractively.  It is grabbing
>> randomBits from the SoundSystem, but I may not have that installed.  It 
>> gave
>> me the same bits repeatedly.  I modified
>> DigitalSignatureAlgorithm>>#initRandomNonInteractively to not rely on the
>> SoundSystem and instead use SecureRandom.  This is published in the
>> Cryptography repository.
>>
>> Rob
>>
>>
> _______________________________________________
> Cryptography mailing list
> Cryptography at lists.squeakfoundation.org
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
> 



More information about the Squeak-dev mailing list