Smalltalk › Squeak › Squeak - Dev

Crypto?

_‹ Previous Topic Next Topic _›

Classic

List

Threaded

8 messages Options

Casey Ransberger-2

Crypto?

What's the usual best practice around crypto in Squeak? Usually rolling one's own crypto is a ridonculously bad idea so... do folks usually pipe things to and from the cryptography of the underlying OS using OSProcess?

Levente Uzonyi-2

Re: Crypto?

On Mon, 29 Mar 2010, Casey Ransberger wrote:

> What's the usual best practice around crypto in Squeak? Usually rolling
> one's own crypto is a ridonculously bad idea so... do folks usually pipe
> things to and from the cryptography of the underlying OS using OSProcess?
>

There was a Cryptography team a few years ago with a few devs and big
plans, but the team disappeared somehow... Anyway we have some usable
code and a lot of half baked stuff here:
http://www.squeaksource.com/Cryptography.html
Start with Cryptography-cmm.11.mcz if you're interested.

People are usually looking for three stuff:
- hashes (MD5, SHA1, etc). These work pretty well. I think MD5 should be
added to Squeak in the future.
- SSL. It's somewhat broken (has issues with certificates IIRC) and really
slow if used without the DESPlugin. The Cobalt developers forked the
Cryptography package and fixed lots of stuff about SSL. But if you just
want to fetch a few web pages, you better try curl first.
- SSH. That's pre-alpha. :)

Levente

garduino

Re: Crypto?

I think that we need also some industry algorithms as DES, TripleDES,
Blowfish, AES.

I never had the time to help to the Crypto team, and did a product
using encrytion on Dolphin, but should try to implement here
somethings.....as allways.......when time permits :(

2010/3/29 Levente Uzonyi <[hidden email]>:

> On Mon, 29 Mar 2010, Casey Ransberger wrote:
>
>> What's the usual best practice around crypto in Squeak? Usually rolling
>> one's own crypto is a ridonculously bad idea so... do folks usually pipe
>> things to and from the cryptography of the underlying OS using OSProcess?
>>
>
> There was a Cryptography team a few years ago with a few devs and big plans,
> but the team disappeared somehow... Anyway we have some usable code and a
> lot of half baked stuff here: http://www.squeaksource.com/Cryptography.html
> Start with Cryptography-cmm.11.mcz if you're interested.
>
> People are usually looking for three stuff:
> - hashes (MD5, SHA1, etc). These work pretty well. I think MD5 should be
> added to Squeak in the future. - SSL. It's somewhat broken (has issues with
> certificates IIRC) and really slow if used without the DESPlugin. The Cobalt
> developers forked the Cryptography package and fixed lots of stuff about
> SSL. But if you just want to fetch a few web pages, you better try curl
> first.
> - SSH. That's pre-alpha. :)
>
>
> Levente
>
>

--
=================================================
Germán S. Arduino <gsa @ arsol.net> Twitter: garduino
Arduino Software & Web Hosting http://www.arduinosoftware.com
PasswordsPro http://www.passwordspro.com
=================================================

Levente Uzonyi-2

Re: Crypto?

On Tue, 30 Mar 2010, Germán Arduino wrote:

> I think that we need also some industry algorithms as DES, TripleDES,
> Blowfish, AES.

I'm unsure about Blowfish, but the other algorithms are implemented. DES
(and therefore TripleDES) even has a plugin to make it useable. I started
to write a plugin for AES but it's half baked.

Levente

>
> I never had the time to help to the Crypto team, and did a product
> using encrytion on Dolphin, but should try to implement here
> somethings.....as allways.......when time permits :(
>
>
> 2010/3/29 Levente Uzonyi <[hidden email]>:
>> On Mon, 29 Mar 2010, Casey Ransberger wrote:
>>
>>> What's the usual best practice around crypto in Squeak? Usually rolling
>>> one's own crypto is a ridonculously bad idea so... do folks usually pipe
>>> things to and from the cryptography of the underlying OS using OSProcess?
>>>
>>
>> There was a Cryptography team a few years ago with a few devs and big plans,
>> but the team disappeared somehow... Anyway we have some usable code and a
>> lot of half baked stuff here: http://www.squeaksource.com/Cryptography.html
>> Start with Cryptography-cmm.11.mcz if you're interested.
>>
>> People are usually looking for three stuff:
>> - hashes (MD5, SHA1, etc). These work pretty well. I think MD5 should be
>> added to Squeak in the future. - SSL. It's somewhat broken (has issues with
>> certificates IIRC) and really slow if used without the DESPlugin. The Cobalt
>> developers forked the Cryptography package and fixed lots of stuff about
>> SSL. But if you just want to fetch a few web pages, you better try curl
>> first.
>> - SSH. That's pre-alpha. :)
>>
>>
>> Levente
>>
>>
>
>
>
> --
> =================================================
> Germán S. Arduino <gsa @ arsol.net> Twitter: garduino
> Arduino Software & Web Hosting http://www.arduinosoftware.com
> PasswordsPro http://www.passwordspro.com
> =================================================
>
>

garduino

Re: Crypto?

2010/3/30 Levente Uzonyi <[hidden email]>:
> I'm unsure about Blowfish, but the other algorithms are implemented. DES
> (and therefore TripleDES) even has a plugin to make it useable. I started to
> write a plugin for AES but it's half baked.
>

I saw (when tried time ago) but never can did them works
properly....May be are my own
faults about how to deal with these plugins....Do you know some tutorial or so?

Chris Muller-3

Re: Crypto?

In reply to this post by Casey Ransberger-2

There is no "usual best practice around crypto" in Squeak or any other
technology. "Crypto" is just one primitive tool of several needed for
digital security, and depending on what the security requirements
are..

Squeak's Cryptography package works and includes test-cases
demonstrating its various capabilities.

On Mon, Mar 29, 2010 at 8:16 PM, Casey Ransberger
<[hidden email]> wrote:
> What's the usual best practice around crypto in Squeak? Usually rolling
> one's own crypto is a ridonculously bad idea so... do folks usually pipe
> things to and from the cryptography of the underlying OS using OSProcess?

If it is not absolutely crucial to be 100% secure, then using
lower-level may suffice. IMO, ultimately, the end-to-end argument
cannot be denied, which is why we protect our sensitive bits at the
core (e.g., the domain objects themselves)..

>
>

Levente Uzonyi-2

Re: Crypto?

In reply to this post by garduino

On Tue, 30 Mar 2010, Germán Arduino wrote:

> 2010/3/30 Levente Uzonyi <[hidden email]>:
>> I'm unsure about Blowfish, but the other algorithms are implemented. DES
>> (and therefore TripleDES) even has a plugin to make it useable. I started to
>> write a plugin for AES but it's half baked.
>>
>
> I saw (when tried time ago) but never can did them works
> properly....May be are my own
> faults about how to deal with these plugins....Do you know some tutorial or so?
>
>

These algorithms work without plugins, they are written in smalltalk. I
don't think there are tutorials, but there are lots of tests. Those can
serve as examples.

Levente

garduino

Re: Crypto?

2010/3/30 Levente Uzonyi <[hidden email]>:

> On Tue, 30 Mar 2010, Germán Arduino wrote:
>
>> 2010/3/30 Levente Uzonyi <[hidden email]>:
>>>
>>> I'm unsure about Blowfish, but the other algorithms are implemented. DES
>>> (and therefore TripleDES) even has a plugin to make it useable. I started
>>> to
>>> write a plugin for AES but it's half baked.
>>>
>>
>> I saw (when tried time ago) but never can did them works
>> properly....May be are my own
>> faults about how to deal with these plugins....Do you know some tutorial
>> or so?
>>
>>
>
> These algorithms work without plugins, they are written in smalltalk. I
> don't think there are tutorials, but there are lots of tests. Those can
> serve as examples.
>

ahh, ok, not problem with the Smalltalk code.

My fault is when plugins are needed.

Cheers.
Germán.