[Vm-dev] Re: SqueakSSL fixes

Ron Teitelbaum ron at usmedrec.com
Mon Feb 17 17:32:37 UTC 2014


> From: Paul DeBruicker
> 
> 
> Göran Krampe wrote
> >
> > ...phew. Ok, let me know if you need anything more and ask questions.
> >
> > regards, Göran
> 
> 
> Hi Göran,
> 
> On the Seaside Dev list there was a discussion about accessing RAND_bytes from
> OpenSSL via the SqueakSSL plugin for secure key generation.  Is that something
> that would be possible to add to the SqueakSSL plugin at this time?
> 
> The discussion is here:
> 
> http://forum.world.st/Seaside-Security-td4742433.html
> 

Hi Paul,

I may be missing something so maybe you could answer a question for me.  The best cryptography is the simplest for developers to implement.  I understand wanting to provide crypto components, that's what we did with the Cryptography Team.  SqueakSSL is a much better solution for adding security for end users (developers) of Seaside.  The reason for this is that all of the technical details are left for the professionals.  SqueakSSL uses OpenSSL on Linux, the Windows security implementation on Windows, and the Apple security implementation on Mac.  You really can't get better than that.  SqueakSSL eliminates your need for PRNG, since it is used and implemented properly on each platform.  So given that, why do you need PRNG?  If you are implementing your own secure stream, you had better know what you are doing, in which case PRNG becomes less of an issue, since there are a lot of platform-specific solutions.

If you are sure you need it, we did one in Cryptography which might be useful.  If you really feel like you need a proper platform-specific random generator, see the Croquet plugin and TCryptoRandom.

Also if you are planning on using SSL on a Linux server I would highly recommend using STUD.  

All the best,

Ron Teitelbaum

> 
> Thanks
> 
> Paul
> 
> 
> 
> --
> View this message in context: http://forum.world.st/SqueakSSL-fixes-tp4743244p4744392.html
> Sent from the Squeak VM mailing list archive at Nabble.com.



