[Pharo-dev] [squeak-dev] [Cryptography port to Pharo] RandomGenerator class>>unpredictableStringsDo:Ron Teitelbaum ron at usmedrec.comWed Oct 21 02:23:12 UTC 2015
> From: Pharo-dev [mailto:pharo-dev-bounces at lists.pharo.org] On Behalf Of > Robert Withers > Subject: Re: [Pharo-dev] [squeak-dev] [Cryptography port to Pharo] > RandomGenerator class>>unpredictableStringsDo: > > Ron, > > I checked that email and there is no mention of who it was sent to now this > SFLC advisors. Ok that must be the Software Freedom Law Center. I just > reached out to them on this. [Ron Teitelbaum] It was set to Dan Ravicher but not sure if he is still there. http://lists.squeakfoundation.org/pipermail/cryptography/2005-November/000084.html > > Thank you, > Robert > > On 10/19/2015 06:25 PM, Ron Teitelbaum wrote: > > Hi Robert, > > > > I went back and reviewed and this is what I sent to BIS. > > > > http://lists.squeakfoundation.org/pipermail/cryptography/2006-January/ > > 000117.html > > > > Not much to it but we got a lot of advice from SFLC first. > > > > >From our research OS projects are allowed to host cryptographic code > > >and make available for anyone to download. BUT that does not exclude > > >users of the code from being restrained from exporting that code to > > >any USA identified restricted entities. For example: > > >http://www.state.gov/j/ct/list/c14151.htm > > > > I would recommend at the very least to register the repo with the BIS for > Pharo, but I would also contact the SFLC to verify nothing has changed. > > > > All the best, > > > > Ron > > > >> -----Original Message----- > >> From: Pharo-dev [mailto:pharo-dev-bounces at lists.pharo.org] On Behalf > >> Of Robert Withers > >> Sent: Monday, October 19, 2015 5:28 PM > >> To: The general-purpose Squeak developers list; 'Chris Muller' > >> Cc: 'Pharo Development List' > >> Subject: Re: [Pharo-dev] [squeak-dev] [Cryptography port to Pharo] > >> RandomGenerator class>>unpredictableStringsDo: > >> > >> (resending with Pharo list) > >> > >> Ron, would it be an easy process to add a second URL to the exception > >> paperwork. Pharo does have new ideas about code storage and > >> distribution that we would want to take advantage of. This would help a > lot! > >> > >> Then again, screw their paperwork requirements of us. Put my name as > >> responsible on the Pharo code and I'll take a trip to Cuba, if they > >> need a scape goat for their 20th century thinking. Crypto is already > >> out of the bag and everyone uses it freely. Just do it and ask permission > later. > >> > >> In thinking about consolidating crypto code between squeak and pharo, > >> I would guess there would be a thin capatibility layer for each > >> system, then the Crypto code in the main. My goal is to have > >> compatibility, crypto and plugins on both virtual platforms. > >> > >> Thanks so much ^^ > >> > >> Robert > >> > >> On 10/19/2015 05:17 PM, Ron Teitelbaum wrote: > >>> Hi Chris, > >>> > >>> The exemption is not for the location of the server but the URL > >>> where it is > >> hosted. I'm happy to help in any way I can but I don't have access > >> to the Pharo Repos. I have no issue with having Pharo packages on > >> SqueakSource if that is what everyone agrees too. We have multiple > packages hosted there. > >> It's ok with me if we host some pharo code there too. > >>> All the best, > >>> > >>> Ron > >>> > >>>> -----Original Message----- > >>>> From: Chris Muller [mailto:ma.chris.m at gmail.com] > >>>> Sent: Monday, October 19, 2015 3:59 PM > >>>> To: Ron Teitelbaum > >>>> Cc: Pharo Development List; The general-purpose Squeak developers > >>>> list > >>>> Subject: Re: [Pharo-dev] [squeak-dev] [Cryptography port to Pharo] > >>>> RandomGenerator class>>unpredictableStringsDo: > >>>> > >>>> Heh, well, since then SqueakSource itself was moved to a different > >>>> server in a different country. I guess there was also a mirror of > >>>> SqueakSource hosted in Chile under a different URL for many years. > >>>> > >>>> I'm doubtful any of it matters, but we wouldn't want anyone to end > >>>> up in Gitmo over it. If you're uncomfortable about hosting a copy > >>>> elsewhere, then please at least namespace-prefix the Pharo-specific > >>>> packages, to at least help keep it from becoming a tangled mess. > >>>> > >>>> On Mon, Oct 19, 2015 at 2:39 PM, Ron Teitelbaum > <ron at usmedrec.com> > >>>> wrote: > >>>>> Hi All, > >>>>> > >>>>> Unless someone filed the proper paperwork I would suggest NOT > >>>>> moving > >>>> the cryptography code anywhere except for SqueakSource. When we > >>>> started the project we spent time ensuring that we had a proper > >>>> exemption from the U.S. regulations on exporting cryptographic code. > >>>> If someone copied and forked the code that exemption may not still > >>>> apply to that new repository. > >>>>> I'm not personally involved with the code on Pharo, not sure who > >>>>> is doing > >>>> crypto there. > >>>>> All the best, > >>>>> > >>>>> Ron > >>>>> > >>>>>> -----Original Message----- > >>>>>> From: Pharo-dev [mailto:pharo-dev-bounces at lists.pharo.org] On > >>>>>> Behalf Of Chris Muller > >>>>>> Sent: Monday, October 19, 2015 2:47 PM > >>>>>> To: The general-purpose Squeak developers list > >>>>>> Cc: Pharo Development List > >>>>>> Subject: Re: [Pharo-dev] [squeak-dev] [Cryptography port to > >>>>>> Pharo] RandomGenerator class>>unpredictableStringsDo: > >>>>>> > >>>>>> Yes, if a common package for both Squeak and Pharo is possible, > >>>>>> that'd be great. Otherwise, the Squeak and Pharo versions should > >>>>>> reside in separate repositories. Squeak users are still using > >>>>>> squeaksource.com, Pharo moved to smalltalkhub and beyond.. > >>>>>> > >>>>>> On Mon, Oct 19, 2015 at 1:42 PM, Robert Withers > >>>>>> <robert.w.withers at gmail.com> wrote: > >>>>>>> hey Ron, > >>>>>>> > >>>>>>> It was actually the Pharo Cryptography team I was thinking of. > >>>>>>> Perhaps we can get the same package to work in both squeak and > >>>>>>> Pharo, with use of installable entropy sources or the like. In > >>>>>>> order to get SqueakElib running in Pharo I need crypto and we > >>>>>>> may as > >>>> well do it right. > >>>>>>> Cheers, > >>>>>>> Robert > >>>>>>> > >>>>>>> > >>>>>>> On 10/19/2015 02:28 PM, Ron Teitelbaum wrote: > >>>>>>>> Hi Robert, > >>>>>>>> > >>>>>>>> You are already on the Cryptograph repo on SqueakSource.com as > >>>>>>>> an > >>>>>> admin. > >>>>>>>> Please feel free to reorg if you like. > >>>>>>>> > >>>>>>>> Let me know if you have trouble resurrecting your account. > >>>>>>>> > >>>>>>>> All the best, > >>>>>>>> > >>>>>>>> Ron > >>>>>>>> > >>>>>>>>> -----Original Message----- > >>>>>>>>> From: squeak-dev-bounces at lists.squeakfoundation.org > >>>>>>>>> [mailto:squeak-dev- bounces at lists.squeakfoundation.org] On > >>>>>>>>> Behalf Of Robert Withers > >>>>>>>>> Sent: Monday, October 19, 2015 1:53 PM > >>>>>>>>> To: squeak-dev at lists.squeakfoundation.org > >>>>>>>>> Subject: Re: [squeak-dev] [Pharo-dev] [Cryptography port to > >>>>>>>>> Pharo] RandomGenerator class>>unpredictableStringsDo: > >>>>>>>>> > >>>>>>>>> This is great guys. Is there a way to get this from the image? > >>>>>>>>> Good to get > >>>>>>>> it > >>>>>>>>> with an FFI/OSProcess call or something. > >>>>>>>>> > >>>>>>>>> Thank you, > >>>>>>>>> Robert > >>>>>>>>> > >>>>>>>>> On 10/19/2015 08:58 AM, Louis LaBrunda wrote: > >>>>>>>>>> Hi Guys, > >>>>>>>>>> > >>>>>>>>>> How about getting the CPU temperature. I think most CPUs > >>>>>>>>>> support "Digital Thermal Sensor" (I'm not sure about ARM). I > >>>>>>>>>> think it is seven bits. The real range should be less than > >>>>>>>>>> that but it may be enough to help add some entropy. > >>>>>>>>>> > >>>>>>>>>> Lou > >>>>>>>>>> > >>>>>>>>>> On Mon, 19 Oct 2015 07:39:19 -0400, Robert Withers > >>>>>>>>>> <robert.w.withers at gmail.com> wrote: > >>>>>>>>>> > >>>>>>>>>>> Hi Ron , nice to see you too! It has been a number of years, > >>>>>>>>>>> hasn't > >>>> it? > >>>>>>>>>>> Crypto is timestamped back in 2010, so there is is. I hope > >>>>>>>>>>> these have been kind years to you, as they have for me. > >>>>>>>>>>> > >>>>>>>>>>> I love the idea of optional sources of entropy, depending on > >>>>>>>>>>> the deployed capabilities. So there are our mouse points and > >>>>>>>>>>> such, because they ought to be optional. > >>>>>>>>>>> > >>>>>>>>>>> What are some reliably present sources in the most minimal > >>>>>> situation? > >>>>>>>>>>> If we could define minimal as an image with no image level > >>>>>>>>>>> I/O beyond file I/O, I would think we'd have: Kernel, > >>>>>>>>>>> System, Collections, Compiler and FFI. Some intransitives in > >>>>>>>>>>> that scope for entropy would be > >>>>>>>>> grand. > >>>>>>>>>>> > >>>>>>>>>>> I was thinking to take 5 millisecondClockValues, separated > >>>>>>>>>>> by > >>>>>>>>>>> 4 non-secure random intervals: take the low order byte of > >>>>>>>>>>> the > >>>>>>>>>>> 4 intervals and reverse & concat them, as a entropic source. > >>>>>>>>>>> > >>>>>>>>>>> I can coordinate these changes. Ron, could you add me to the > >>>>>>>>>>> Cryptography team so I can upload the Pharo Cryptography > >>>>>>>>> #bleedingEdge? > >>>>>>>>>>> > >>>>>>>>>>> Thanks and I look forward to more, :) > >>>>>>>>>>> > >>>>>>>>>>> Robert > >>>>>>>>>>> > >>>>>>>>>>> On 10/18/2015 02:38 PM, Ron Teitelbaum wrote: > >>>>>>>>>>>> Hi Robert, > >>>>>>>>>>>> > >>>>>>>>>>>> Nice to see you! > >>>>>>>>>>>> > >>>>>>>>>>>> Looks interesting I know that Chris did something gathering > >>>>>>>>>>>> sources of > >>>>>>>>> entropy. Seems like the more the better. Could you just make > >>>>>>>>> the entropy sources optional such that if they exist we use them? > >>>>>>>>> I would have to go back and see what Chris did but he was > >>>>>>>>> following suggestions from Schneider in his secureRandom. > >>>>>>>>>>>> > >>>>>>>>>>>> All the best, > >>>>>>>>>>>> > >>>>>>>>>>>> Ron Teitelbaum > >>>>>>>>>>>> > >>>>>>>>>>>>> -----Original Message----- > >>>>>>>>>>>>> From: Pharo-dev [mailto:pharo-dev- > bounces at lists.pharo.org] > >>>>>>>>>>>>> On Behalf Of Robert Withers > >>>>>>>>>>>>> Sent: Sunday, October 18, 2015 5:00 AM > >>>>>>>>>>>>> To: The general-purpose Squeak developers list; Pharo > >>>>>>>>>>>>> Development List > >>>>>>>>>>>>> Subject: Re: [Pharo-dev] [Cryptography port to Pharo] > >>>>>>>>>>>>> RandomGenerator > >>>>>>>>>>>>> class>>unpredictableStringsDo: > >>>>>>>>>>>>> > >>>>>>>>>>>>> I'm sorry, I forgot the code. I list the existing method, > >>>>>>>>>>>>> followed by my modified Pharo method below. I welcome > any > >>>>>> feedback. > >>>>>>>>>>>>> Regards, > >>>>>>>>>>>>> Robert > >>>>>>>>>>>>> > >>>>>>>>>>>>> --- > >>>>>>>>>>>>> Existing: > >>>>>>>>>>>>> unpredictableStringsDo: aBlock > >>>>>>>>>>>>> "Enumerate sources of information from my > >>>>>>>>>>>>> environment that > >>>>>>>>> should > >>>>>>>>>>>>> be generally hard to guess." > >>>>>>>>>>>>> | time | > >>>>>>>>>>>>> time := Time millisecondsToRun: > >>>>>>>>>>>>> [ aBlock > >>>>>>>>>>>>> value: World imageForm bits > >>>>>>>>>>>>> compressToByteArray ; > >>>>>>>>>>>>> value: Sensor mousePoint x asString ; > >>>>>>>>>>>>> value: Sensor mousePoint y asString ; > >>>>>>>>>>>>> value: Time > >>>>>>>>>>>>> millisecondClockValue asByteArray ; > >>>>>>>>>>>>> value: Date today asString ; > >>>>>>>>>>>>> value: Time now asString ; > >>>>>>>>>>>>> value: Display extent asString. > >>>>>>>>>>>>> 100 timesRepeat: [ aBlock value: UUID new ]. > >>>>>>>>>>>>> #(vmVersion platformName primVmPath > >>>>>>>>>>>>> imageName > >>>>>>>>> platformSubtype > >>>>>>>>>>>>> datedVersion lastQuitLogPosition vmStatisticsReportString > >>>>>>>>>>>>> imageName) > >>>>>>>>>>>>> collect: > >>>>>>>>>>>>> [ : each | > >>>>>>>>>>>>> aBlock value: (SmalltalkImage > >>>>>>>>>>>>> current > >>>>>>>>>>>>> perform: each) > >>>>>>>>> asByteArray > >>>>>>>>>>>>> ] ]. > >>>>>>>>>>>>> aBlock > >>>>>>>>>>>>> value: time asByteArray; > >>>>>>>>>>>>> "maybe the pointer has moved, hit it again." > >>>>>>>>>>>>> value: Sensor mousePoint asString ; > >>>>>>>>>>>>> value: Time millisecondClockValue > >>>>>>>>>>>>> asByteArray > >>>>>>>>>>>>> > >>>>>>>>>>>>> --- > >>>>>>>>>>>>> Pharo port: > >>>>>>>>>>>>> unpredictableStringsDo: aBlock > >>>>>>>>>>>>> "Enumerate sources of information from my > >>>>>>>>>>>>> environment that > >>>>>>>>> should > >>>>>>>>>>>>> be generally hard to guess." > >>>>>>>>>>>>> > >>>>>>>>>>>>> | time | > >>>>>>>>>>>>> time := Time millisecondsToRun: > >>>>>>>>>>>>> [ aBlock > >>>>>>>>>>>>> value: Time > >>>>>>>>>>>>> millisecondClockValue asByteArray ; > >>>>>>>>>>>>> value: Date today asString ; > >>>>>>>>>>>>> value: Time now asString. > >>>>>>>>>>>>> 100 timesRepeat: [ aBlock value: UUID new ]. > >>>>>>>>>>>>> #(version primImagePath imagePath > >>>>>>>>>>>>> datedVersion > >>>>>>>>>>>>> lastQuitLogPosition) > >>>>>>>>>>>>> collect: > >>>>>>>>>>>>> [ : each | > >>>>>>>>>>>>> aBlock value: (SmalltalkImage > >>>>>>>>>>>>> current > >>>>>>>>>>>>> perform: each) > >>>>>>>>> asByteArray > >>>>>>>>>>>>> ] ]. > >>>>>>>>>>>>> aBlock > >>>>>>>>>>>>> value: time asByteArray; > >>>>>>>>>>>>> value: Time millisecondClockValue > >>>>>>>>>>>>> asByteArray > >>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> On 10/18/2015 04:23 AM, Robert Withers wrote: > >>>>>>>>>>>>>> This is a message intended for anyone who was on the > >>>>>>>>>>>>>> Cryptography > >>>>>>>>> team. > >>>>>>>>>>>>>> I recently ported it to Pharo and had to make changes to > >>>>>>>>>>>>> RandomGenerator > >>>>>>>>>>>>>> class>>unpredictableStringsDo:. This certainly removed > >>>>>>>>>>>>>> class>>some uncertainty > >>>>>>>>>>>>>> from the results of this message. My question is what > >>>>>>>>>>>>>> should I do about that? This method seems to require > >>>>>>>>>>>>>> non-headless, as it is checking the mouse point and such. > >>>>>>>>>>>>>> This being a crypto cornerstone, what the best answer > here. > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> Thank you, > >>>>>>>>>>>>>> Robert > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>> ----------------------------------------------------------- > >>>>>>>>>> Louis LaBrunda > >>>>>>>>>> Keystone Software Corp. > >>>>>>>>>> SkypeMe callto://PhotonDemon > >>>>>>>>>> mailto:Lou at Keystone-Software.com http://www.Keystone- > >>>>>> Software.com > >>>>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>> > >>> > > > > >
More information about the Squeak-dev mailing list |