Hey Nicolas,

To a very large extent, having these older dated functions available adds to the nature of Squeak Cryptography aas an encryption sandbox for educational experiences in studying cryptography. My ParrotTalk allows DES & TripleDES. Typically, I use AESCBC when running it. I think I am using SHA256.

I have just now folded in the Blowfish impplementation and subclassed uit from BlockCipher and adopted the BlockCipher protocol (#key:, #encryptBlock:, #decryptBlock:). All Blowfish tests call the old interface but that test class is present and green. New Blowfish tests of the BlockCipher protocol needs writing.

There is a newer version of Cryptography-v5.3-rww.119 with Blowfish included.

Having all these excellent variants of HashFunction, up to SHA512 would be a major addition to Cryptography, and I would need to change the settingsMap for ParrotTalk to include cipher and hash specifications. The forthcoming ParrotTalk v3.8 would adopt that, as well as naming and bridging for double encryption.

Kindly,
rabbit

On 3/5/20 4:24 PM, Nicolas Cellier wrote:

> Hi all,
>
> For the agnostics like me, it's good to read some introduction like
> https://www.garykessler.net/library/crypto.html#desmath
>
> Relying only on obsolete technos like DESPlugin is a no go, it's not safe for years.
> Even Triple-DES is also on its way to retirement, see for example
> https://crypto.stackexchange.com/questions/51629/is-triple-des-still-considered-safe-to-use
>
> MD5 also is not anymore a secure hash, it's just OK for checksum.
>
> So having an uptodate Cryptography package is super important.
> Robert, thank you for the initiative!
>
> Le jeu. 5 mars 2020 à 19:11, Robert via Squeak-dev <squeak-dev at lists.squeakfoundation.org> a écrit :
>
>> Oh yes, Levente, I recall speaking with you about it. I would like to
>> make a proposal. Do you think you could fold all those hash functions,
>> without the HA, into the Cryptography library? We have a HashFunction
>> class in there, I do not know how different they may be in their public
>> interface. I think it would be valuable to combine them. To support TLS
>> 1.3, we would also need elliptical Diffie-Hellmans, I think.
>>
>> Levente, would you be willing to fold your work into Cryptography?
>>
>> Kindly,
>> Robert
>>
>> On 3/5/20 12:43 PM, Levente Uzonyi wrote:
>>> Hi Robert,
>>>
>>> The mail you are looking for is here:
>>> http://lists.squeakfoundation.org/pipermail/vm-dev/2020-March/032986.html
>>>
>>> Since that email, to make life easier to those who have the Cryptography
>>> package loaded in their images, I've uploaded another variant of
>>> Hasher: HAHasher. It's the same as the Hasher package but all class
>>> names are prefixed with HA.
>>> To load that, evaluate:
>>>
>>> Installer ss
>>>       project: 'Registers';
>>>       install: 'Registers';
>>>       project: 'Hasher';
>>>       install: 'HAHasher'.
>>>
>>> And then you can write
>>>
>>> HAHashFunction newSHA512 hashMessage: 'test'.
>>>
>>>
>>> Levente
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squeakfoundation.org/pipermail/squeak-dev/attachments/20200305/f06812de/attachment.html>