[Cryptography port to Pharo] RandomGenerator class>>unpredictableStringsDo:

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
23 messages Options
12
Reply | Threaded
Open this post in threaded view
|

[Cryptography port to Pharo] RandomGenerator class>>unpredictableStringsDo:

Robert Withers
This is a message intended for anyone who was on the Cryptography team.
I recently ported it to Pharo and had to make changes to RandomGenerator
class>>unpredictableStringsDo:. This certainly removed some uncertainty
from the results of this message. My question is what should I do about
that? This method seems to require non-headless, as it is checking the
mouse point and such. This being a crypto cornerstone, what the best
answer here.

Thank you,
Robert

Reply | Threaded
Open this post in threaded view
|

Re: [Cryptography port to Pharo] RandomGenerator class>>unpredictableStringsDo:

Robert Withers
I'm sorry, I forgot the code. I list the existing method, followed by my
modified Pharo method below. I welcome any feedback.

Regards,
Robert

---
Existing:
unpredictableStringsDo: aBlock
        "Enumerate sources of information from my environment that should be
generally hard to guess."
        | time |
        time := Time millisecondsToRun:
                [ aBlock
                        value: World imageForm bits compressToByteArray ;
                        value: Sensor mousePoint x asString ;
                        value: Sensor mousePoint y asString ;
                        value: Time millisecondClockValue asByteArray ;
                        value: Date today asString ;
                        value: Time now asString ;
                        value: Display extent asString.
                100 timesRepeat: [ aBlock value: UUID new ].
                #(vmVersion platformName primVmPath imageName platformSubtype
datedVersion lastQuitLogPosition vmStatisticsReportString imageName)
collect:
                        [ : each |
                        aBlock value: (SmalltalkImage current perform: each) asByteArray ] ].
        aBlock
                value: time asByteArray;
                "maybe the pointer has moved, hit it again."
                value: Sensor mousePoint asString ;
                value: Time millisecondClockValue asByteArray

---
Pharo port:
unpredictableStringsDo: aBlock
        "Enumerate sources of information from my environment that should be
generally hard to guess."

        | time |
        time := Time millisecondsToRun:
                [ aBlock
                        value: Time millisecondClockValue asByteArray ;
                        value: Date today asString ;
                        value: Time now asString.
                100 timesRepeat: [ aBlock value: UUID new ].
                #(version primImagePath imagePath datedVersion lastQuitLogPosition)
collect:
                        [ : each |
                        aBlock value: (SmalltalkImage current perform: each) asByteArray ] ].
        aBlock
                value: time asByteArray;
                value: Time millisecondClockValue asByteArray


On 10/18/2015 04:23 AM, Robert Withers wrote:

> This is a message intended for anyone who was on the Cryptography team.
> I recently ported it to Pharo and had to make changes to RandomGenerator
> class>>unpredictableStringsDo:. This certainly removed some uncertainty
> from the results of this message. My question is what should I do about
> that? This method seems to require non-headless, as it is checking the
> mouse point and such. This being a crypto cornerstone, what the best
> answer here.
>
> Thank you,
> Robert

Reply | Threaded
Open this post in threaded view
|

RE: [Pharo-dev] [Cryptography port to Pharo] RandomGenerator class>>unpredictableStringsDo:

Ron Teitelbaum
Hi Robert,

Nice to see you!

Looks interesting I know that Chris did something gathering sources of entropy.  Seems like the more the better.  Could you just make the entropy sources optional such that if they exist we use them?  I would have to go back and see what Chris did but he was following suggestions from Schneider in his secureRandom.

All the best,

Ron Teitelbaum

> -----Original Message-----
> From: Pharo-dev [mailto:[hidden email]] On Behalf Of
> Robert Withers
> Sent: Sunday, October 18, 2015 5:00 AM
> To: The general-purpose Squeak developers list; Pharo Development List
> Subject: Re: [Pharo-dev] [Cryptography port to Pharo] RandomGenerator
> class>>unpredictableStringsDo:
>
> I'm sorry, I forgot the code. I list the existing method, followed by my
> modified Pharo method below. I welcome any feedback.
>
> Regards,
> Robert
>
> ---
> Existing:
> unpredictableStringsDo: aBlock
> "Enumerate sources of information from my environment that
> should be generally hard to guess."
> | time |
> time := Time millisecondsToRun:
> [ aBlock
> value: World imageForm bits compressToByteArray ;
> value: Sensor mousePoint x asString ;
> value: Sensor mousePoint y asString ;
> value: Time millisecondClockValue asByteArray ;
> value: Date today asString ;
> value: Time now asString ;
> value: Display extent asString.
> 100 timesRepeat: [ aBlock value: UUID new ].
> #(vmVersion platformName primVmPath imageName
> platformSubtype datedVersion lastQuitLogPosition vmStatisticsReportString
> imageName)
> collect:
> [ : each |
> aBlock value: (SmalltalkImage current perform: each)
> asByteArray ] ].
> aBlock
> value: time asByteArray;
> "maybe the pointer has moved, hit it again."
> value: Sensor mousePoint asString ;
> value: Time millisecondClockValue asByteArray
>
> ---
> Pharo port:
> unpredictableStringsDo: aBlock
> "Enumerate sources of information from my environment that
> should be generally hard to guess."
>
> | time |
> time := Time millisecondsToRun:
> [ aBlock
> value: Time millisecondClockValue asByteArray ;
> value: Date today asString ;
> value: Time now asString.
> 100 timesRepeat: [ aBlock value: UUID new ].
> #(version primImagePath imagePath datedVersion
> lastQuitLogPosition)
> collect:
> [ : each |
> aBlock value: (SmalltalkImage current perform: each)
> asByteArray ] ].
> aBlock
> value: time asByteArray;
> value: Time millisecondClockValue asByteArray
>
>
> On 10/18/2015 04:23 AM, Robert Withers wrote:
> > This is a message intended for anyone who was on the Cryptography team.
> > I recently ported it to Pharo and had to make changes to
> RandomGenerator
> > class>>unpredictableStringsDo:. This certainly removed some uncertainty
> > from the results of this message. My question is what should I do about
> > that? This method seems to require non-headless, as it is checking the
> > mouse point and such. This being a crypto cornerstone, what the best
> > answer here.
> >
> > Thank you,
> > Robert



Reply | Threaded
Open this post in threaded view
|

RE: [Pharo-dev] [Cryptography port to Pharo] RandomGenerator class>>unpredictableStringsDo:

Robert Withers
Hi Ron , nice to see you too! It has been a number of years, hasn't it?
Crypto is timestamped back in 2010, so there is is. I hope these have
been kind years to you, as they have for me.

I love the idea of optional sources of entropy, depending on the
deployed capabilities. So there are our mouse points and such, because
they ought to be optional.

What are some reliably present sources in the most minimal situation? If
we could define minimal as an image with no image level I/O beyond file
I/O, I would think we'd have: Kernel, System, Collections, Compiler and
FFI. Some intransitives in that scope for entropy would be grand.

I was thinking to take 5 millisecondClockValues, separated by 4
non-secure random intervals: take the low order byte of the 4 intervals
and reverse & concat them, as a entropic source.

I can coordinate these changes. Ron, could you add me to the
Cryptography team so I can upload the Pharo Cryptography #bleedingEdge?

Thanks and I look forward to more, :)

Robert

On 10/18/2015 02:38 PM, Ron Teitelbaum wrote:

> Hi Robert,
>
> Nice to see you!
>
> Looks interesting I know that Chris did something gathering sources of entropy.  Seems like the more the better.  Could you just make the entropy sources optional such that if they exist we use them?  I would have to go back and see what Chris did but he was following suggestions from Schneider in his secureRandom.
>
> All the best,
>
> Ron Teitelbaum
>
>> -----Original Message-----
>> From: Pharo-dev [mailto:[hidden email]] On Behalf Of
>> Robert Withers
>> Sent: Sunday, October 18, 2015 5:00 AM
>> To: The general-purpose Squeak developers list; Pharo Development List
>> Subject: Re: [Pharo-dev] [Cryptography port to Pharo] RandomGenerator
>> class>>unpredictableStringsDo:
>>
>> I'm sorry, I forgot the code. I list the existing method, followed by my
>> modified Pharo method below. I welcome any feedback.
>>
>> Regards,
>> Robert
>>
>> ---
>> Existing:
>> unpredictableStringsDo: aBlock
>> "Enumerate sources of information from my environment that
>> should be generally hard to guess."
>> | time |
>> time := Time millisecondsToRun:
>> [ aBlock
>> value: World imageForm bits compressToByteArray ;
>> value: Sensor mousePoint x asString ;
>> value: Sensor mousePoint y asString ;
>> value: Time millisecondClockValue asByteArray ;
>> value: Date today asString ;
>> value: Time now asString ;
>> value: Display extent asString.
>> 100 timesRepeat: [ aBlock value: UUID new ].
>> #(vmVersion platformName primVmPath imageName
>> platformSubtype datedVersion lastQuitLogPosition vmStatisticsReportString
>> imageName)
>> collect:
>> [ : each |
>> aBlock value: (SmalltalkImage current perform: each)
>> asByteArray ] ].
>> aBlock
>> value: time asByteArray;
>> "maybe the pointer has moved, hit it again."
>> value: Sensor mousePoint asString ;
>> value: Time millisecondClockValue asByteArray
>>
>> ---
>> Pharo port:
>> unpredictableStringsDo: aBlock
>> "Enumerate sources of information from my environment that
>> should be generally hard to guess."
>>
>> | time |
>> time := Time millisecondsToRun:
>> [ aBlock
>> value: Time millisecondClockValue asByteArray ;
>> value: Date today asString ;
>> value: Time now asString.
>> 100 timesRepeat: [ aBlock value: UUID new ].
>> #(version primImagePath imagePath datedVersion
>> lastQuitLogPosition)
>> collect:
>> [ : each |
>> aBlock value: (SmalltalkImage current perform: each)
>> asByteArray ] ].
>> aBlock
>> value: time asByteArray;
>> value: Time millisecondClockValue asByteArray
>>
>>
>> On 10/18/2015 04:23 AM, Robert Withers wrote:
>>> This is a message intended for anyone who was on the Cryptography team.
>>> I recently ported it to Pharo and had to make changes to
>> RandomGenerator
>>> class>>unpredictableStringsDo:. This certainly removed some uncertainty
>>> from the results of this message. My question is what should I do about
>>> that? This method seems to require non-headless, as it is checking the
>>> mouse point and such. This being a crypto cornerstone, what the best
>>> answer here.
>>>
>>> Thank you,
>>> Robert
>
>
>

Reply | Threaded
Open this post in threaded view
|

[Pharo-dev] [Cryptography port to Pharo] RandomGenerator class>>unpredictableStringsDo:

Louis LaBrunda
Hi Guys,

How about getting the CPU temperature.  I think most CPUs support "Digital
Thermal Sensor" (I'm not sure about ARM).  I think it is seven bits.  The
real range should be less than that but it may be enough to help add some
entropy.

Lou

On Mon, 19 Oct 2015 07:39:19 -0400, Robert Withers
<[hidden email]> wrote:

>Hi Ron , nice to see you too! It has been a number of years, hasn't it?
>Crypto is timestamped back in 2010, so there is is. I hope these have
>been kind years to you, as they have for me.
>
>I love the idea of optional sources of entropy, depending on the
>deployed capabilities. So there are our mouse points and such, because
>they ought to be optional.
>
>What are some reliably present sources in the most minimal situation? If
>we could define minimal as an image with no image level I/O beyond file
>I/O, I would think we'd have: Kernel, System, Collections, Compiler and
>FFI. Some intransitives in that scope for entropy would be grand.
>
>I was thinking to take 5 millisecondClockValues, separated by 4
>non-secure random intervals: take the low order byte of the 4 intervals
>and reverse & concat them, as a entropic source.
>
>I can coordinate these changes. Ron, could you add me to the
>Cryptography team so I can upload the Pharo Cryptography #bleedingEdge?
>
>Thanks and I look forward to more, :)
>
>Robert
>
>On 10/18/2015 02:38 PM, Ron Teitelbaum wrote:
>> Hi Robert,
>>
>> Nice to see you!
>>
>> Looks interesting I know that Chris did something gathering sources of entropy.  Seems like the more the better.  Could you just make the entropy sources optional such that if they exist we use them?  I would have to go back and see what Chris did but he was following suggestions from Schneider in his secureRandom.
>>
>> All the best,
>>
>> Ron Teitelbaum
>>
>>> -----Original Message-----
>>> From: Pharo-dev [mailto:[hidden email]] On Behalf Of
>>> Robert Withers
>>> Sent: Sunday, October 18, 2015 5:00 AM
>>> To: The general-purpose Squeak developers list; Pharo Development List
>>> Subject: Re: [Pharo-dev] [Cryptography port to Pharo] RandomGenerator
>>> class>>unpredictableStringsDo:
>>>
>>> I'm sorry, I forgot the code. I list the existing method, followed by my
>>> modified Pharo method below. I welcome any feedback.
>>>
>>> Regards,
>>> Robert
>>>
>>> ---
>>> Existing:
>>> unpredictableStringsDo: aBlock
>>> "Enumerate sources of information from my environment that
>>> should be generally hard to guess."
>>> | time |
>>> time := Time millisecondsToRun:
>>> [ aBlock
>>> value: World imageForm bits compressToByteArray ;
>>> value: Sensor mousePoint x asString ;
>>> value: Sensor mousePoint y asString ;
>>> value: Time millisecondClockValue asByteArray ;
>>> value: Date today asString ;
>>> value: Time now asString ;
>>> value: Display extent asString.
>>> 100 timesRepeat: [ aBlock value: UUID new ].
>>> #(vmVersion platformName primVmPath imageName
>>> platformSubtype datedVersion lastQuitLogPosition vmStatisticsReportString
>>> imageName)
>>> collect:
>>> [ : each |
>>> aBlock value: (SmalltalkImage current perform: each)
>>> asByteArray ] ].
>>> aBlock
>>> value: time asByteArray;
>>> "maybe the pointer has moved, hit it again."
>>> value: Sensor mousePoint asString ;
>>> value: Time millisecondClockValue asByteArray
>>>
>>> ---
>>> Pharo port:
>>> unpredictableStringsDo: aBlock
>>> "Enumerate sources of information from my environment that
>>> should be generally hard to guess."
>>>
>>> | time |
>>> time := Time millisecondsToRun:
>>> [ aBlock
>>> value: Time millisecondClockValue asByteArray ;
>>> value: Date today asString ;
>>> value: Time now asString.
>>> 100 timesRepeat: [ aBlock value: UUID new ].
>>> #(version primImagePath imagePath datedVersion
>>> lastQuitLogPosition)
>>> collect:
>>> [ : each |
>>> aBlock value: (SmalltalkImage current perform: each)
>>> asByteArray ] ].
>>> aBlock
>>> value: time asByteArray;
>>> value: Time millisecondClockValue asByteArray
>>>
>>>
>>> On 10/18/2015 04:23 AM, Robert Withers wrote:
>>>> This is a message intended for anyone who was on the Cryptography team.
>>>> I recently ported it to Pharo and had to make changes to
>>> RandomGenerator
>>>> class>>unpredictableStringsDo:. This certainly removed some uncertainty
>>>> from the results of this message. My question is what should I do about
>>>> that? This method seems to require non-headless, as it is checking the
>>>> mouse point and such. This being a crypto cornerstone, what the best
>>>> answer here.
>>>>
>>>> Thank you,
>>>> Robert
>>
>>
>>
>
-----------------------------------------------------------
Louis LaBrunda
Keystone Software Corp.
SkypeMe callto://PhotonDemon
mailto:[hidden email] http://www.Keystone-Software.com


Reply | Threaded
Open this post in threaded view
|

Re: [Pharo-dev] [Cryptography port to Pharo] RandomGenerator class>>unpredictableStringsDo:

timrowledge

> On 19-10-2015, at 5:58 AM, Louis LaBrunda <[hidden email]> wrote:
>
> I think most CPUs support "Digital
> Thermal Sensor" (I'm not sure about ARM).

ARM *is* most cpus. I think we long ago passed the point where more than 50% of all >32bit cpus were ARM.

Typically the temperature of each core is monitored by stuff added around the ARM cores in an SoC, not the ARM itself. For example on a Pi, `vcgencmd measure_temp` works, though strictly speaking that measures the general temp of the SoC - which like many devices that are ARM powered is a large thing to do stuff and just happens to have a few Gips of processor hidden in a small corner.


tim
--
tim Rowledge; [hidden email]; http://www.rowledge.org/tim
Oxymorons: Airline Food



Reply | Threaded
Open this post in threaded view
|

Re: [Pharo-dev] [Cryptography port to Pharo] RandomGenerator class>>unpredictableStringsDo:

Robert Withers
In reply to this post by Louis LaBrunda
This is great guys. Is there a way to get this from the image? Good to
get it with an FFI/OSProcess call or something.

Thank you,
Robert

On 10/19/2015 08:58 AM, Louis LaBrunda wrote:

> Hi Guys,
>
> How about getting the CPU temperature.  I think most CPUs support "Digital
> Thermal Sensor" (I'm not sure about ARM).  I think it is seven bits.  The
> real range should be less than that but it may be enough to help add some
> entropy.
>
> Lou
>
> On Mon, 19 Oct 2015 07:39:19 -0400, Robert Withers
> <[hidden email]> wrote:
>
>> Hi Ron , nice to see you too! It has been a number of years, hasn't it?
>> Crypto is timestamped back in 2010, so there is is. I hope these have
>> been kind years to you, as they have for me.
>>
>> I love the idea of optional sources of entropy, depending on the
>> deployed capabilities. So there are our mouse points and such, because
>> they ought to be optional.
>>
>> What are some reliably present sources in the most minimal situation? If
>> we could define minimal as an image with no image level I/O beyond file
>> I/O, I would think we'd have: Kernel, System, Collections, Compiler and
>> FFI. Some intransitives in that scope for entropy would be grand.
>>
>> I was thinking to take 5 millisecondClockValues, separated by 4
>> non-secure random intervals: take the low order byte of the 4 intervals
>> and reverse & concat them, as a entropic source.
>>
>> I can coordinate these changes. Ron, could you add me to the
>> Cryptography team so I can upload the Pharo Cryptography #bleedingEdge?
>>
>> Thanks and I look forward to more, :)
>>
>> Robert
>>
>> On 10/18/2015 02:38 PM, Ron Teitelbaum wrote:
>>> Hi Robert,
>>>
>>> Nice to see you!
>>>
>>> Looks interesting I know that Chris did something gathering sources of entropy.  Seems like the more the better.  Could you just make the entropy sources optional such that if they exist we use them?  I would have to go back and see what Chris did but he was following suggestions from Schneider in his secureRandom.
>>>
>>> All the best,
>>>
>>> Ron Teitelbaum
>>>
>>>> -----Original Message-----
>>>> From: Pharo-dev [mailto:[hidden email]] On Behalf Of
>>>> Robert Withers
>>>> Sent: Sunday, October 18, 2015 5:00 AM
>>>> To: The general-purpose Squeak developers list; Pharo Development List
>>>> Subject: Re: [Pharo-dev] [Cryptography port to Pharo] RandomGenerator
>>>> class>>unpredictableStringsDo:
>>>>
>>>> I'm sorry, I forgot the code. I list the existing method, followed by my
>>>> modified Pharo method below. I welcome any feedback.
>>>>
>>>> Regards,
>>>> Robert
>>>>
>>>> ---
>>>> Existing:
>>>> unpredictableStringsDo: aBlock
>>>> "Enumerate sources of information from my environment that
>>>> should be generally hard to guess."
>>>> | time |
>>>> time := Time millisecondsToRun:
>>>> [ aBlock
>>>> value: World imageForm bits compressToByteArray ;
>>>> value: Sensor mousePoint x asString ;
>>>> value: Sensor mousePoint y asString ;
>>>> value: Time millisecondClockValue asByteArray ;
>>>> value: Date today asString ;
>>>> value: Time now asString ;
>>>> value: Display extent asString.
>>>> 100 timesRepeat: [ aBlock value: UUID new ].
>>>> #(vmVersion platformName primVmPath imageName
>>>> platformSubtype datedVersion lastQuitLogPosition vmStatisticsReportString
>>>> imageName)
>>>> collect:
>>>> [ : each |
>>>> aBlock value: (SmalltalkImage current perform: each)
>>>> asByteArray ] ].
>>>> aBlock
>>>> value: time asByteArray;
>>>> "maybe the pointer has moved, hit it again."
>>>> value: Sensor mousePoint asString ;
>>>> value: Time millisecondClockValue asByteArray
>>>>
>>>> ---
>>>> Pharo port:
>>>> unpredictableStringsDo: aBlock
>>>> "Enumerate sources of information from my environment that
>>>> should be generally hard to guess."
>>>>
>>>> | time |
>>>> time := Time millisecondsToRun:
>>>> [ aBlock
>>>> value: Time millisecondClockValue asByteArray ;
>>>> value: Date today asString ;
>>>> value: Time now asString.
>>>> 100 timesRepeat: [ aBlock value: UUID new ].
>>>> #(version primImagePath imagePath datedVersion
>>>> lastQuitLogPosition)
>>>> collect:
>>>> [ : each |
>>>> aBlock value: (SmalltalkImage current perform: each)
>>>> asByteArray ] ].
>>>> aBlock
>>>> value: time asByteArray;
>>>> value: Time millisecondClockValue asByteArray
>>>>
>>>>
>>>> On 10/18/2015 04:23 AM, Robert Withers wrote:
>>>>> This is a message intended for anyone who was on the Cryptography team.
>>>>> I recently ported it to Pharo and had to make changes to
>>>> RandomGenerator
>>>>> class>>unpredictableStringsDo:. This certainly removed some uncertainty
>>>>> from the results of this message. My question is what should I do about
>>>>> that? This method seems to require non-headless, as it is checking the
>>>>> mouse point and such. This being a crypto cornerstone, what the best
>>>>> answer here.
>>>>>
>>>>> Thank you,
>>>>> Robert
>>>
>>>
>>>
>>
> -----------------------------------------------------------
> Louis LaBrunda
> Keystone Software Corp.
> SkypeMe callto://PhotonDemon
> mailto:[hidden email] http://www.Keystone-Software.com
>
>

Reply | Threaded
Open this post in threaded view
|

RE: [Pharo-dev] [Cryptography port to Pharo] RandomGenerator class>>unpredictableStringsDo:

Ron Teitelbaum
Hi Robert,

You are already on the Cryptograph repo on SqueakSource.com as an admin.
Please feel free to reorg if you like.

Let me know if you have trouble resurrecting your account.

All the best,

Ron

> -----Original Message-----
> From: [hidden email] [mailto:squeak-dev-
> [hidden email]] On Behalf Of Robert Withers
> Sent: Monday, October 19, 2015 1:53 PM
> To: [hidden email]
> Subject: Re: [squeak-dev] [Pharo-dev] [Cryptography port to Pharo]
> RandomGenerator class>>unpredictableStringsDo:
>
> This is great guys. Is there a way to get this from the image? Good to get
it

> with an FFI/OSProcess call or something.
>
> Thank you,
> Robert
>
> On 10/19/2015 08:58 AM, Louis LaBrunda wrote:
> > Hi Guys,
> >
> > How about getting the CPU temperature.  I think most CPUs support
> > "Digital Thermal Sensor" (I'm not sure about ARM).  I think it is
> > seven bits.  The real range should be less than that but it may be
> > enough to help add some entropy.
> >
> > Lou
> >
> > On Mon, 19 Oct 2015 07:39:19 -0400, Robert Withers
> > <[hidden email]> wrote:
> >
> >> Hi Ron , nice to see you too! It has been a number of years, hasn't it?
> >> Crypto is timestamped back in 2010, so there is is. I hope these have
> >> been kind years to you, as they have for me.
> >>
> >> I love the idea of optional sources of entropy, depending on the
> >> deployed capabilities. So there are our mouse points and such,
> >> because they ought to be optional.
> >>
> >> What are some reliably present sources in the most minimal situation?
> >> If we could define minimal as an image with no image level I/O beyond
> >> file I/O, I would think we'd have: Kernel, System, Collections,
> >> Compiler and FFI. Some intransitives in that scope for entropy would be
> grand.
> >>
> >> I was thinking to take 5 millisecondClockValues, separated by 4
> >> non-secure random intervals: take the low order byte of the 4
> >> intervals and reverse & concat them, as a entropic source.
> >>
> >> I can coordinate these changes. Ron, could you add me to the
> >> Cryptography team so I can upload the Pharo Cryptography
> #bleedingEdge?
> >>
> >> Thanks and I look forward to more, :)
> >>
> >> Robert
> >>
> >> On 10/18/2015 02:38 PM, Ron Teitelbaum wrote:
> >>> Hi Robert,
> >>>
> >>> Nice to see you!
> >>>
> >>> Looks interesting I know that Chris did something gathering sources of
> entropy.  Seems like the more the better.  Could you just make the entropy
> sources optional such that if they exist we use them?  I would have to go
> back and see what Chris did but he was following suggestions from
> Schneider in his secureRandom.
> >>>
> >>> All the best,
> >>>
> >>> Ron Teitelbaum
> >>>
> >>>> -----Original Message-----
> >>>> From: Pharo-dev [mailto:[hidden email]] On
> >>>> Behalf Of Robert Withers
> >>>> Sent: Sunday, October 18, 2015 5:00 AM
> >>>> To: The general-purpose Squeak developers list; Pharo Development
> >>>> List
> >>>> Subject: Re: [Pharo-dev] [Cryptography port to Pharo]
> >>>> RandomGenerator
> >>>> class>>unpredictableStringsDo:
> >>>>
> >>>> I'm sorry, I forgot the code. I list the existing method, followed
> >>>> by my modified Pharo method below. I welcome any feedback.
> >>>>
> >>>> Regards,
> >>>> Robert
> >>>>
> >>>> ---
> >>>> Existing:
> >>>> unpredictableStringsDo: aBlock
> >>>> "Enumerate sources of information from my environment that
> should
> >>>> be generally hard to guess."
> >>>> | time |
> >>>> time := Time millisecondsToRun:
> >>>> [ aBlock
> >>>> value: World imageForm bits compressToByteArray ;
> >>>> value: Sensor mousePoint x asString ;
> >>>> value: Sensor mousePoint y asString ;
> >>>> value: Time millisecondClockValue asByteArray ;
> >>>> value: Date today asString ;
> >>>> value: Time now asString ;
> >>>> value: Display extent asString.
> >>>> 100 timesRepeat: [ aBlock value: UUID new ].
> >>>> #(vmVersion platformName primVmPath imageName
> platformSubtype
> >>>> datedVersion lastQuitLogPosition vmStatisticsReportString
> >>>> imageName)
> >>>> collect:
> >>>> [ : each |
> >>>> aBlock value: (SmalltalkImage current perform: each)
> asByteArray
> >>>> ] ].
> >>>> aBlock
> >>>> value: time asByteArray;
> >>>> "maybe the pointer has moved, hit it again."
> >>>> value: Sensor mousePoint asString ;
> >>>> value: Time millisecondClockValue asByteArray
> >>>>
> >>>> ---
> >>>> Pharo port:
> >>>> unpredictableStringsDo: aBlock
> >>>> "Enumerate sources of information from my environment that
> should
> >>>> be generally hard to guess."
> >>>>
> >>>> | time |
> >>>> time := Time millisecondsToRun:
> >>>> [ aBlock
> >>>> value: Time millisecondClockValue asByteArray ;
> >>>> value: Date today asString ;
> >>>> value: Time now asString.
> >>>> 100 timesRepeat: [ aBlock value: UUID new ].
> >>>> #(version primImagePath imagePath datedVersion
> >>>> lastQuitLogPosition)
> >>>> collect:
> >>>> [ : each |
> >>>> aBlock value: (SmalltalkImage current perform: each)
> asByteArray
> >>>> ] ].
> >>>> aBlock
> >>>> value: time asByteArray;
> >>>> value: Time millisecondClockValue asByteArray
> >>>>
> >>>>
> >>>> On 10/18/2015 04:23 AM, Robert Withers wrote:
> >>>>> This is a message intended for anyone who was on the Cryptography
> team.
> >>>>> I recently ported it to Pharo and had to make changes to
> >>>> RandomGenerator
> >>>>> class>>unpredictableStringsDo:. This certainly removed some
> >>>>> class>>uncertainty
> >>>>> from the results of this message. My question is what should I do
> >>>>> about that? This method seems to require non-headless, as it is
> >>>>> checking the mouse point and such. This being a crypto
> >>>>> cornerstone, what the best answer here.
> >>>>>
> >>>>> Thank you,
> >>>>> Robert
> >>>
> >>>
> >>>
> >>
> > -----------------------------------------------------------
> > Louis LaBrunda
> > Keystone Software Corp.
> > SkypeMe callto://PhotonDemon
> > mailto:[hidden email] http://www.Keystone-Software.com
> >
> >



Reply | Threaded
Open this post in threaded view
|

Re: [Pharo-dev] [Cryptography port to Pharo] RandomGenerator class>>unpredictableStringsDo:

Robert Withers
hey Ron,

It was actually the Pharo Cryptography team I was thinking of. Perhaps
we can get the same package to work in both squeak and Pharo, with use
of installable entropy sources or the like. In order to get SqueakElib
running in Pharo I need crypto and we may as well do it right.

Cheers,
Robert

On 10/19/2015 02:28 PM, Ron Teitelbaum wrote:

> Hi Robert,
>
> You are already on the Cryptograph repo on SqueakSource.com as an admin.
> Please feel free to reorg if you like.
>
> Let me know if you have trouble resurrecting your account.
>
> All the best,
>
> Ron
>
>> -----Original Message-----
>> From: [hidden email] [mailto:squeak-dev-
>> [hidden email]] On Behalf Of Robert Withers
>> Sent: Monday, October 19, 2015 1:53 PM
>> To: [hidden email]
>> Subject: Re: [squeak-dev] [Pharo-dev] [Cryptography port to Pharo]
>> RandomGenerator class>>unpredictableStringsDo:
>>
>> This is great guys. Is there a way to get this from the image? Good to get
> it
>> with an FFI/OSProcess call or something.
>>
>> Thank you,
>> Robert
>>
>> On 10/19/2015 08:58 AM, Louis LaBrunda wrote:
>>> Hi Guys,
>>>
>>> How about getting the CPU temperature.  I think most CPUs support
>>> "Digital Thermal Sensor" (I'm not sure about ARM).  I think it is
>>> seven bits.  The real range should be less than that but it may be
>>> enough to help add some entropy.
>>>
>>> Lou
>>>
>>> On Mon, 19 Oct 2015 07:39:19 -0400, Robert Withers
>>> <[hidden email]> wrote:
>>>
>>>> Hi Ron , nice to see you too! It has been a number of years, hasn't it?
>>>> Crypto is timestamped back in 2010, so there is is. I hope these have
>>>> been kind years to you, as they have for me.
>>>>
>>>> I love the idea of optional sources of entropy, depending on the
>>>> deployed capabilities. So there are our mouse points and such,
>>>> because they ought to be optional.
>>>>
>>>> What are some reliably present sources in the most minimal situation?
>>>> If we could define minimal as an image with no image level I/O beyond
>>>> file I/O, I would think we'd have: Kernel, System, Collections,
>>>> Compiler and FFI. Some intransitives in that scope for entropy would be
>> grand.
>>>>
>>>> I was thinking to take 5 millisecondClockValues, separated by 4
>>>> non-secure random intervals: take the low order byte of the 4
>>>> intervals and reverse & concat them, as a entropic source.
>>>>
>>>> I can coordinate these changes. Ron, could you add me to the
>>>> Cryptography team so I can upload the Pharo Cryptography
>> #bleedingEdge?
>>>>
>>>> Thanks and I look forward to more, :)
>>>>
>>>> Robert
>>>>
>>>> On 10/18/2015 02:38 PM, Ron Teitelbaum wrote:
>>>>> Hi Robert,
>>>>>
>>>>> Nice to see you!
>>>>>
>>>>> Looks interesting I know that Chris did something gathering sources of
>> entropy.  Seems like the more the better.  Could you just make the entropy
>> sources optional such that if they exist we use them?  I would have to go
>> back and see what Chris did but he was following suggestions from
>> Schneider in his secureRandom.
>>>>>
>>>>> All the best,
>>>>>
>>>>> Ron Teitelbaum
>>>>>
>>>>>> -----Original Message-----
>>>>>> From: Pharo-dev [mailto:[hidden email]] On
>>>>>> Behalf Of Robert Withers
>>>>>> Sent: Sunday, October 18, 2015 5:00 AM
>>>>>> To: The general-purpose Squeak developers list; Pharo Development
>>>>>> List
>>>>>> Subject: Re: [Pharo-dev] [Cryptography port to Pharo]
>>>>>> RandomGenerator
>>>>>> class>>unpredictableStringsDo:
>>>>>>
>>>>>> I'm sorry, I forgot the code. I list the existing method, followed
>>>>>> by my modified Pharo method below. I welcome any feedback.
>>>>>>
>>>>>> Regards,
>>>>>> Robert
>>>>>>
>>>>>> ---
>>>>>> Existing:
>>>>>> unpredictableStringsDo: aBlock
>>>>>> "Enumerate sources of information from my environment that
>> should
>>>>>> be generally hard to guess."
>>>>>> | time |
>>>>>> time := Time millisecondsToRun:
>>>>>> [ aBlock
>>>>>> value: World imageForm bits compressToByteArray ;
>>>>>> value: Sensor mousePoint x asString ;
>>>>>> value: Sensor mousePoint y asString ;
>>>>>> value: Time millisecondClockValue asByteArray ;
>>>>>> value: Date today asString ;
>>>>>> value: Time now asString ;
>>>>>> value: Display extent asString.
>>>>>> 100 timesRepeat: [ aBlock value: UUID new ].
>>>>>> #(vmVersion platformName primVmPath imageName
>> platformSubtype
>>>>>> datedVersion lastQuitLogPosition vmStatisticsReportString
>>>>>> imageName)
>>>>>> collect:
>>>>>> [ : each |
>>>>>> aBlock value: (SmalltalkImage current perform: each)
>> asByteArray
>>>>>> ] ].
>>>>>> aBlock
>>>>>> value: time asByteArray;
>>>>>> "maybe the pointer has moved, hit it again."
>>>>>> value: Sensor mousePoint asString ;
>>>>>> value: Time millisecondClockValue asByteArray
>>>>>>
>>>>>> ---
>>>>>> Pharo port:
>>>>>> unpredictableStringsDo: aBlock
>>>>>> "Enumerate sources of information from my environment that
>> should
>>>>>> be generally hard to guess."
>>>>>>
>>>>>> | time |
>>>>>> time := Time millisecondsToRun:
>>>>>> [ aBlock
>>>>>> value: Time millisecondClockValue asByteArray ;
>>>>>> value: Date today asString ;
>>>>>> value: Time now asString.
>>>>>> 100 timesRepeat: [ aBlock value: UUID new ].
>>>>>> #(version primImagePath imagePath datedVersion
>>>>>> lastQuitLogPosition)
>>>>>> collect:
>>>>>> [ : each |
>>>>>> aBlock value: (SmalltalkImage current perform: each)
>> asByteArray
>>>>>> ] ].
>>>>>> aBlock
>>>>>> value: time asByteArray;
>>>>>> value: Time millisecondClockValue asByteArray
>>>>>>
>>>>>>
>>>>>> On 10/18/2015 04:23 AM, Robert Withers wrote:
>>>>>>> This is a message intended for anyone who was on the Cryptography
>> team.
>>>>>>> I recently ported it to Pharo and had to make changes to
>>>>>> RandomGenerator
>>>>>>> class>>unpredictableStringsDo:. This certainly removed some
>>>>>>> class>>uncertainty
>>>>>>> from the results of this message. My question is what should I do
>>>>>>> about that? This method seems to require non-headless, as it is
>>>>>>> checking the mouse point and such. This being a crypto
>>>>>>> cornerstone, what the best answer here.
>>>>>>>
>>>>>>> Thank you,
>>>>>>> Robert
>>>>>
>>>>>
>>>>>
>>>>
>>> -----------------------------------------------------------
>>> Louis LaBrunda
>>> Keystone Software Corp.
>>> SkypeMe callto://PhotonDemon
>>> mailto:[hidden email] http://www.Keystone-Software.com
>>>
>>>
>
>
>

Reply | Threaded
Open this post in threaded view
|

Re: [Pharo-dev] [Cryptography port to Pharo] RandomGenerator class>>unpredictableStringsDo:

Chris Muller-3
Yes, if a common package for both Squeak and Pharo is possible, that'd
be great.  Otherwise, the Squeak and Pharo versions should reside in
separate repositories.  Squeak users are still using squeaksource.com,
Pharo moved to smalltalkhub and beyond..

On Mon, Oct 19, 2015 at 1:42 PM, Robert Withers
<[hidden email]> wrote:

> hey Ron,
>
> It was actually the Pharo Cryptography team I was thinking of. Perhaps we
> can get the same package to work in both squeak and Pharo, with use of
> installable entropy sources or the like. In order to get SqueakElib running
> in Pharo I need crypto and we may as well do it right.
>
> Cheers,
> Robert
>
>
> On 10/19/2015 02:28 PM, Ron Teitelbaum wrote:
>>
>> Hi Robert,
>>
>> You are already on the Cryptograph repo on SqueakSource.com as an admin.
>> Please feel free to reorg if you like.
>>
>> Let me know if you have trouble resurrecting your account.
>>
>> All the best,
>>
>> Ron
>>
>>> -----Original Message-----
>>> From: [hidden email] [mailto:squeak-dev-
>>> [hidden email]] On Behalf Of Robert Withers
>>> Sent: Monday, October 19, 2015 1:53 PM
>>> To: [hidden email]
>>> Subject: Re: [squeak-dev] [Pharo-dev] [Cryptography port to Pharo]
>>> RandomGenerator class>>unpredictableStringsDo:
>>>
>>> This is great guys. Is there a way to get this from the image? Good to
>>> get
>>
>> it
>>>
>>> with an FFI/OSProcess call or something.
>>>
>>> Thank you,
>>> Robert
>>>
>>> On 10/19/2015 08:58 AM, Louis LaBrunda wrote:
>>>>
>>>> Hi Guys,
>>>>
>>>> How about getting the CPU temperature.  I think most CPUs support
>>>> "Digital Thermal Sensor" (I'm not sure about ARM).  I think it is
>>>> seven bits.  The real range should be less than that but it may be
>>>> enough to help add some entropy.
>>>>
>>>> Lou
>>>>
>>>> On Mon, 19 Oct 2015 07:39:19 -0400, Robert Withers
>>>> <[hidden email]> wrote:
>>>>
>>>>> Hi Ron , nice to see you too! It has been a number of years, hasn't it?
>>>>> Crypto is timestamped back in 2010, so there is is. I hope these have
>>>>> been kind years to you, as they have for me.
>>>>>
>>>>> I love the idea of optional sources of entropy, depending on the
>>>>> deployed capabilities. So there are our mouse points and such,
>>>>> because they ought to be optional.
>>>>>
>>>>> What are some reliably present sources in the most minimal situation?
>>>>> If we could define minimal as an image with no image level I/O beyond
>>>>> file I/O, I would think we'd have: Kernel, System, Collections,
>>>>> Compiler and FFI. Some intransitives in that scope for entropy would be
>>>
>>> grand.
>>>>>
>>>>>
>>>>> I was thinking to take 5 millisecondClockValues, separated by 4
>>>>> non-secure random intervals: take the low order byte of the 4
>>>>> intervals and reverse & concat them, as a entropic source.
>>>>>
>>>>> I can coordinate these changes. Ron, could you add me to the
>>>>> Cryptography team so I can upload the Pharo Cryptography
>>>
>>> #bleedingEdge?
>>>>>
>>>>>
>>>>> Thanks and I look forward to more, :)
>>>>>
>>>>> Robert
>>>>>
>>>>> On 10/18/2015 02:38 PM, Ron Teitelbaum wrote:
>>>>>>
>>>>>> Hi Robert,
>>>>>>
>>>>>> Nice to see you!
>>>>>>
>>>>>> Looks interesting I know that Chris did something gathering sources of
>>>
>>> entropy.  Seems like the more the better.  Could you just make the
>>> entropy
>>> sources optional such that if they exist we use them?  I would have to go
>>> back and see what Chris did but he was following suggestions from
>>> Schneider in his secureRandom.
>>>>>>
>>>>>>
>>>>>> All the best,
>>>>>>
>>>>>> Ron Teitelbaum
>>>>>>
>>>>>>> -----Original Message-----
>>>>>>> From: Pharo-dev [mailto:[hidden email]] On
>>>>>>> Behalf Of Robert Withers
>>>>>>> Sent: Sunday, October 18, 2015 5:00 AM
>>>>>>> To: The general-purpose Squeak developers list; Pharo Development
>>>>>>> List
>>>>>>> Subject: Re: [Pharo-dev] [Cryptography port to Pharo]
>>>>>>> RandomGenerator
>>>>>>> class>>unpredictableStringsDo:
>>>>>>>
>>>>>>> I'm sorry, I forgot the code. I list the existing method, followed
>>>>>>> by my modified Pharo method below. I welcome any feedback.
>>>>>>>
>>>>>>> Regards,
>>>>>>> Robert
>>>>>>>
>>>>>>> ---
>>>>>>> Existing:
>>>>>>> unpredictableStringsDo: aBlock
>>>>>>>         "Enumerate sources of information from my environment that
>>>
>>> should
>>>>>>>
>>>>>>> be generally hard to guess."
>>>>>>>         | time |
>>>>>>>         time := Time millisecondsToRun:
>>>>>>>                 [ aBlock
>>>>>>>                         value: World imageForm bits
>>>>>>> compressToByteArray ;
>>>>>>>                         value: Sensor mousePoint x asString ;
>>>>>>>                         value: Sensor mousePoint y asString ;
>>>>>>>                         value: Time millisecondClockValue asByteArray
>>>>>>> ;
>>>>>>>                         value: Date today asString ;
>>>>>>>                         value: Time now asString ;
>>>>>>>                         value: Display extent asString.
>>>>>>>                 100 timesRepeat: [ aBlock value: UUID new ].
>>>>>>>                 #(vmVersion platformName primVmPath imageName
>>>
>>> platformSubtype
>>>>>>>
>>>>>>> datedVersion lastQuitLogPosition vmStatisticsReportString
>>>>>>> imageName)
>>>>>>> collect:
>>>>>>>                         [ : each |
>>>>>>>                         aBlock value: (SmalltalkImage current
>>>>>>> perform: each)
>>>
>>> asByteArray
>>>>>>>
>>>>>>> ] ].
>>>>>>>         aBlock
>>>>>>>                 value: time asByteArray;
>>>>>>>                 "maybe the pointer has moved, hit it again."
>>>>>>>                 value: Sensor mousePoint asString ;
>>>>>>>                 value: Time millisecondClockValue asByteArray
>>>>>>>
>>>>>>> ---
>>>>>>> Pharo port:
>>>>>>> unpredictableStringsDo: aBlock
>>>>>>>         "Enumerate sources of information from my environment that
>>>
>>> should
>>>>>>>
>>>>>>> be generally hard to guess."
>>>>>>>
>>>>>>>         | time |
>>>>>>>         time := Time millisecondsToRun:
>>>>>>>                 [ aBlock
>>>>>>>                         value: Time millisecondClockValue asByteArray
>>>>>>> ;
>>>>>>>                         value: Date today asString ;
>>>>>>>                         value: Time now asString.
>>>>>>>                 100 timesRepeat: [ aBlock value: UUID new ].
>>>>>>>                 #(version primImagePath imagePath datedVersion
>>>>>>> lastQuitLogPosition)
>>>>>>> collect:
>>>>>>>                         [ : each |
>>>>>>>                         aBlock value: (SmalltalkImage current
>>>>>>> perform: each)
>>>
>>> asByteArray
>>>>>>>
>>>>>>> ] ].
>>>>>>>         aBlock
>>>>>>>                 value: time asByteArray;
>>>>>>>                 value: Time millisecondClockValue asByteArray
>>>>>>>
>>>>>>>
>>>>>>> On 10/18/2015 04:23 AM, Robert Withers wrote:
>>>>>>>>
>>>>>>>> This is a message intended for anyone who was on the Cryptography
>>>
>>> team.
>>>>>>>>
>>>>>>>> I recently ported it to Pharo and had to make changes to
>>>>>>>
>>>>>>> RandomGenerator
>>>>>>>>
>>>>>>>> class>>unpredictableStringsDo:. This certainly removed some
>>>>>>>> class>>uncertainty
>>>>>>>> from the results of this message. My question is what should I do
>>>>>>>> about that? This method seems to require non-headless, as it is
>>>>>>>> checking the mouse point and such. This being a crypto
>>>>>>>> cornerstone, what the best answer here.
>>>>>>>>
>>>>>>>> Thank you,
>>>>>>>> Robert
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>> -----------------------------------------------------------
>>>> Louis LaBrunda
>>>> Keystone Software Corp.
>>>> SkypeMe callto://PhotonDemon
>>>> mailto:[hidden email] http://www.Keystone-Software.com
>>>>
>>>>
>>
>>
>>
>

Reply | Threaded
Open this post in threaded view
|

RE: [Pharo-dev] [squeak-dev] [Cryptography port to Pharo] RandomGenerator class>>unpredictableStringsDo:

Ron Teitelbaum
Hi All,

Unless someone filed the proper paperwork I would suggest NOT moving the cryptography code anywhere except for SqueakSource.  When we started the project we spent time ensuring that we had a proper exemption from the  U.S. regulations on exporting cryptographic code.  If someone copied and forked the code that exemption may not still apply to that new repository.

I'm not personally involved with the code on Pharo, not sure who is doing crypto there.

All the best,

Ron

> -----Original Message-----
> From: Pharo-dev [mailto:[hidden email]] On Behalf Of
> Chris Muller
> Sent: Monday, October 19, 2015 2:47 PM
> To: The general-purpose Squeak developers list
> Cc: Pharo Development List
> Subject: Re: [Pharo-dev] [squeak-dev] [Cryptography port to Pharo]
> RandomGenerator class>>unpredictableStringsDo:
>
> Yes, if a common package for both Squeak and Pharo is possible, that'd be
> great.  Otherwise, the Squeak and Pharo versions should reside in separate
> repositories.  Squeak users are still using squeaksource.com, Pharo moved to
> smalltalkhub and beyond..
>
> On Mon, Oct 19, 2015 at 1:42 PM, Robert Withers
> <[hidden email]> wrote:
> > hey Ron,
> >
> > It was actually the Pharo Cryptography team I was thinking of. Perhaps
> > we can get the same package to work in both squeak and Pharo, with use
> > of installable entropy sources or the like. In order to get SqueakElib
> > running in Pharo I need crypto and we may as well do it right.
> >
> > Cheers,
> > Robert
> >
> >
> > On 10/19/2015 02:28 PM, Ron Teitelbaum wrote:
> >>
> >> Hi Robert,
> >>
> >> You are already on the Cryptograph repo on SqueakSource.com as an
> admin.
> >> Please feel free to reorg if you like.
> >>
> >> Let me know if you have trouble resurrecting your account.
> >>
> >> All the best,
> >>
> >> Ron
> >>
> >>> -----Original Message-----
> >>> From: [hidden email]
> >>> [mailto:squeak-dev- [hidden email]] On Behalf Of
> >>> Robert Withers
> >>> Sent: Monday, October 19, 2015 1:53 PM
> >>> To: [hidden email]
> >>> Subject: Re: [squeak-dev] [Pharo-dev] [Cryptography port to Pharo]
> >>> RandomGenerator class>>unpredictableStringsDo:
> >>>
> >>> This is great guys. Is there a way to get this from the image? Good
> >>> to get
> >>
> >> it
> >>>
> >>> with an FFI/OSProcess call or something.
> >>>
> >>> Thank you,
> >>> Robert
> >>>
> >>> On 10/19/2015 08:58 AM, Louis LaBrunda wrote:
> >>>>
> >>>> Hi Guys,
> >>>>
> >>>> How about getting the CPU temperature.  I think most CPUs support
> >>>> "Digital Thermal Sensor" (I'm not sure about ARM).  I think it is
> >>>> seven bits.  The real range should be less than that but it may be
> >>>> enough to help add some entropy.
> >>>>
> >>>> Lou
> >>>>
> >>>> On Mon, 19 Oct 2015 07:39:19 -0400, Robert Withers
> >>>> <[hidden email]> wrote:
> >>>>
> >>>>> Hi Ron , nice to see you too! It has been a number of years, hasn't it?
> >>>>> Crypto is timestamped back in 2010, so there is is. I hope these
> >>>>> have been kind years to you, as they have for me.
> >>>>>
> >>>>> I love the idea of optional sources of entropy, depending on the
> >>>>> deployed capabilities. So there are our mouse points and such,
> >>>>> because they ought to be optional.
> >>>>>
> >>>>> What are some reliably present sources in the most minimal
> situation?
> >>>>> If we could define minimal as an image with no image level I/O
> >>>>> beyond file I/O, I would think we'd have: Kernel, System,
> >>>>> Collections, Compiler and FFI. Some intransitives in that scope
> >>>>> for entropy would be
> >>>
> >>> grand.
> >>>>>
> >>>>>
> >>>>> I was thinking to take 5 millisecondClockValues, separated by 4
> >>>>> non-secure random intervals: take the low order byte of the 4
> >>>>> intervals and reverse & concat them, as a entropic source.
> >>>>>
> >>>>> I can coordinate these changes. Ron, could you add me to the
> >>>>> Cryptography team so I can upload the Pharo Cryptography
> >>>
> >>> #bleedingEdge?
> >>>>>
> >>>>>
> >>>>> Thanks and I look forward to more, :)
> >>>>>
> >>>>> Robert
> >>>>>
> >>>>> On 10/18/2015 02:38 PM, Ron Teitelbaum wrote:
> >>>>>>
> >>>>>> Hi Robert,
> >>>>>>
> >>>>>> Nice to see you!
> >>>>>>
> >>>>>> Looks interesting I know that Chris did something gathering
> >>>>>> sources of
> >>>
> >>> entropy.  Seems like the more the better.  Could you just make the
> >>> entropy sources optional such that if they exist we use them?  I
> >>> would have to go back and see what Chris did but he was following
> >>> suggestions from Schneider in his secureRandom.
> >>>>>>
> >>>>>>
> >>>>>> All the best,
> >>>>>>
> >>>>>> Ron Teitelbaum
> >>>>>>
> >>>>>>> -----Original Message-----
> >>>>>>> From: Pharo-dev [mailto:[hidden email]] On
> >>>>>>> Behalf Of Robert Withers
> >>>>>>> Sent: Sunday, October 18, 2015 5:00 AM
> >>>>>>> To: The general-purpose Squeak developers list; Pharo
> >>>>>>> Development List
> >>>>>>> Subject: Re: [Pharo-dev] [Cryptography port to Pharo]
> >>>>>>> RandomGenerator
> >>>>>>> class>>unpredictableStringsDo:
> >>>>>>>
> >>>>>>> I'm sorry, I forgot the code. I list the existing method,
> >>>>>>> followed by my modified Pharo method below. I welcome any
> feedback.
> >>>>>>>
> >>>>>>> Regards,
> >>>>>>> Robert
> >>>>>>>
> >>>>>>> ---
> >>>>>>> Existing:
> >>>>>>> unpredictableStringsDo: aBlock
> >>>>>>>         "Enumerate sources of information from my environment
> >>>>>>> that
> >>>
> >>> should
> >>>>>>>
> >>>>>>> be generally hard to guess."
> >>>>>>>         | time |
> >>>>>>>         time := Time millisecondsToRun:
> >>>>>>>                 [ aBlock
> >>>>>>>                         value: World imageForm bits
> >>>>>>> compressToByteArray ;
> >>>>>>>                         value: Sensor mousePoint x asString ;
> >>>>>>>                         value: Sensor mousePoint y asString ;
> >>>>>>>                         value: Time millisecondClockValue
> >>>>>>> asByteArray ;
> >>>>>>>                         value: Date today asString ;
> >>>>>>>                         value: Time now asString ;
> >>>>>>>                         value: Display extent asString.
> >>>>>>>                 100 timesRepeat: [ aBlock value: UUID new ].
> >>>>>>>                 #(vmVersion platformName primVmPath imageName
> >>>
> >>> platformSubtype
> >>>>>>>
> >>>>>>> datedVersion lastQuitLogPosition vmStatisticsReportString
> >>>>>>> imageName)
> >>>>>>> collect:
> >>>>>>>                         [ : each |
> >>>>>>>                         aBlock value: (SmalltalkImage current
> >>>>>>> perform: each)
> >>>
> >>> asByteArray
> >>>>>>>
> >>>>>>> ] ].
> >>>>>>>         aBlock
> >>>>>>>                 value: time asByteArray;
> >>>>>>>                 "maybe the pointer has moved, hit it again."
> >>>>>>>                 value: Sensor mousePoint asString ;
> >>>>>>>                 value: Time millisecondClockValue asByteArray
> >>>>>>>
> >>>>>>> ---
> >>>>>>> Pharo port:
> >>>>>>> unpredictableStringsDo: aBlock
> >>>>>>>         "Enumerate sources of information from my environment
> >>>>>>> that
> >>>
> >>> should
> >>>>>>>
> >>>>>>> be generally hard to guess."
> >>>>>>>
> >>>>>>>         | time |
> >>>>>>>         time := Time millisecondsToRun:
> >>>>>>>                 [ aBlock
> >>>>>>>                         value: Time millisecondClockValue
> >>>>>>> asByteArray ;
> >>>>>>>                         value: Date today asString ;
> >>>>>>>                         value: Time now asString.
> >>>>>>>                 100 timesRepeat: [ aBlock value: UUID new ].
> >>>>>>>                 #(version primImagePath imagePath datedVersion
> >>>>>>> lastQuitLogPosition)
> >>>>>>> collect:
> >>>>>>>                         [ : each |
> >>>>>>>                         aBlock value: (SmalltalkImage current
> >>>>>>> perform: each)
> >>>
> >>> asByteArray
> >>>>>>>
> >>>>>>> ] ].
> >>>>>>>         aBlock
> >>>>>>>                 value: time asByteArray;
> >>>>>>>                 value: Time millisecondClockValue asByteArray
> >>>>>>>
> >>>>>>>
> >>>>>>> On 10/18/2015 04:23 AM, Robert Withers wrote:
> >>>>>>>>
> >>>>>>>> This is a message intended for anyone who was on the
> >>>>>>>> Cryptography
> >>>
> >>> team.
> >>>>>>>>
> >>>>>>>> I recently ported it to Pharo and had to make changes to
> >>>>>>>
> >>>>>>> RandomGenerator
> >>>>>>>>
> >>>>>>>> class>>unpredictableStringsDo:. This certainly removed some
> >>>>>>>> class>>uncertainty
> >>>>>>>> from the results of this message. My question is what should I
> >>>>>>>> do about that? This method seems to require non-headless, as it
> >>>>>>>> is checking the mouse point and such. This being a crypto
> >>>>>>>> cornerstone, what the best answer here.
> >>>>>>>>
> >>>>>>>> Thank you,
> >>>>>>>> Robert
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>
> >>>> -----------------------------------------------------------
> >>>> Louis LaBrunda
> >>>> Keystone Software Corp.
> >>>> SkypeMe callto://PhotonDemon
> >>>> mailto:[hidden email] http://www.Keystone-
> Software.com
> >>>>
> >>>>
> >>
> >>
> >>
> >



Reply | Threaded
Open this post in threaded view
|

Re: [Pharo-dev] [squeak-dev] [Cryptography port to Pharo] RandomGenerator class>>unpredictableStringsDo:

Chris Muller-4
Heh, well, since then SqueakSource itself was moved to a different
server in a different country.  I guess there was also a mirror of
SqueakSource hosted in Chile under a different URL for many years.

I'm doubtful any of it matters, but we wouldn't want anyone to end up
in Gitmo over it.  If you're uncomfortable about hosting a copy
elsewhere, then please at least namespace-prefix the Pharo-specific
packages, to at least help keep it from becoming a tangled mess.

On Mon, Oct 19, 2015 at 2:39 PM, Ron Teitelbaum <[hidden email]> wrote:

> Hi All,
>
> Unless someone filed the proper paperwork I would suggest NOT moving the cryptography code anywhere except for SqueakSource.  When we started the project we spent time ensuring that we had a proper exemption from the  U.S. regulations on exporting cryptographic code.  If someone copied and forked the code that exemption may not still apply to that new repository.
>
> I'm not personally involved with the code on Pharo, not sure who is doing crypto there.
>
> All the best,
>
> Ron
>
>> -----Original Message-----
>> From: Pharo-dev [mailto:[hidden email]] On Behalf Of
>> Chris Muller
>> Sent: Monday, October 19, 2015 2:47 PM
>> To: The general-purpose Squeak developers list
>> Cc: Pharo Development List
>> Subject: Re: [Pharo-dev] [squeak-dev] [Cryptography port to Pharo]
>> RandomGenerator class>>unpredictableStringsDo:
>>
>> Yes, if a common package for both Squeak and Pharo is possible, that'd be
>> great.  Otherwise, the Squeak and Pharo versions should reside in separate
>> repositories.  Squeak users are still using squeaksource.com, Pharo moved to
>> smalltalkhub and beyond..
>>
>> On Mon, Oct 19, 2015 at 1:42 PM, Robert Withers
>> <[hidden email]> wrote:
>> > hey Ron,
>> >
>> > It was actually the Pharo Cryptography team I was thinking of. Perhaps
>> > we can get the same package to work in both squeak and Pharo, with use
>> > of installable entropy sources or the like. In order to get SqueakElib
>> > running in Pharo I need crypto and we may as well do it right.
>> >
>> > Cheers,
>> > Robert
>> >
>> >
>> > On 10/19/2015 02:28 PM, Ron Teitelbaum wrote:
>> >>
>> >> Hi Robert,
>> >>
>> >> You are already on the Cryptograph repo on SqueakSource.com as an
>> admin.
>> >> Please feel free to reorg if you like.
>> >>
>> >> Let me know if you have trouble resurrecting your account.
>> >>
>> >> All the best,
>> >>
>> >> Ron
>> >>
>> >>> -----Original Message-----
>> >>> From: [hidden email]
>> >>> [mailto:squeak-dev- [hidden email]] On Behalf Of
>> >>> Robert Withers
>> >>> Sent: Monday, October 19, 2015 1:53 PM
>> >>> To: [hidden email]
>> >>> Subject: Re: [squeak-dev] [Pharo-dev] [Cryptography port to Pharo]
>> >>> RandomGenerator class>>unpredictableStringsDo:
>> >>>
>> >>> This is great guys. Is there a way to get this from the image? Good
>> >>> to get
>> >>
>> >> it
>> >>>
>> >>> with an FFI/OSProcess call or something.
>> >>>
>> >>> Thank you,
>> >>> Robert
>> >>>
>> >>> On 10/19/2015 08:58 AM, Louis LaBrunda wrote:
>> >>>>
>> >>>> Hi Guys,
>> >>>>
>> >>>> How about getting the CPU temperature.  I think most CPUs support
>> >>>> "Digital Thermal Sensor" (I'm not sure about ARM).  I think it is
>> >>>> seven bits.  The real range should be less than that but it may be
>> >>>> enough to help add some entropy.
>> >>>>
>> >>>> Lou
>> >>>>
>> >>>> On Mon, 19 Oct 2015 07:39:19 -0400, Robert Withers
>> >>>> <[hidden email]> wrote:
>> >>>>
>> >>>>> Hi Ron , nice to see you too! It has been a number of years, hasn't it?
>> >>>>> Crypto is timestamped back in 2010, so there is is. I hope these
>> >>>>> have been kind years to you, as they have for me.
>> >>>>>
>> >>>>> I love the idea of optional sources of entropy, depending on the
>> >>>>> deployed capabilities. So there are our mouse points and such,
>> >>>>> because they ought to be optional.
>> >>>>>
>> >>>>> What are some reliably present sources in the most minimal
>> situation?
>> >>>>> If we could define minimal as an image with no image level I/O
>> >>>>> beyond file I/O, I would think we'd have: Kernel, System,
>> >>>>> Collections, Compiler and FFI. Some intransitives in that scope
>> >>>>> for entropy would be
>> >>>
>> >>> grand.
>> >>>>>
>> >>>>>
>> >>>>> I was thinking to take 5 millisecondClockValues, separated by 4
>> >>>>> non-secure random intervals: take the low order byte of the 4
>> >>>>> intervals and reverse & concat them, as a entropic source.
>> >>>>>
>> >>>>> I can coordinate these changes. Ron, could you add me to the
>> >>>>> Cryptography team so I can upload the Pharo Cryptography
>> >>>
>> >>> #bleedingEdge?
>> >>>>>
>> >>>>>
>> >>>>> Thanks and I look forward to more, :)
>> >>>>>
>> >>>>> Robert
>> >>>>>
>> >>>>> On 10/18/2015 02:38 PM, Ron Teitelbaum wrote:
>> >>>>>>
>> >>>>>> Hi Robert,
>> >>>>>>
>> >>>>>> Nice to see you!
>> >>>>>>
>> >>>>>> Looks interesting I know that Chris did something gathering
>> >>>>>> sources of
>> >>>
>> >>> entropy.  Seems like the more the better.  Could you just make the
>> >>> entropy sources optional such that if they exist we use them?  I
>> >>> would have to go back and see what Chris did but he was following
>> >>> suggestions from Schneider in his secureRandom.
>> >>>>>>
>> >>>>>>
>> >>>>>> All the best,
>> >>>>>>
>> >>>>>> Ron Teitelbaum
>> >>>>>>
>> >>>>>>> -----Original Message-----
>> >>>>>>> From: Pharo-dev [mailto:[hidden email]] On
>> >>>>>>> Behalf Of Robert Withers
>> >>>>>>> Sent: Sunday, October 18, 2015 5:00 AM
>> >>>>>>> To: The general-purpose Squeak developers list; Pharo
>> >>>>>>> Development List
>> >>>>>>> Subject: Re: [Pharo-dev] [Cryptography port to Pharo]
>> >>>>>>> RandomGenerator
>> >>>>>>> class>>unpredictableStringsDo:
>> >>>>>>>
>> >>>>>>> I'm sorry, I forgot the code. I list the existing method,
>> >>>>>>> followed by my modified Pharo method below. I welcome any
>> feedback.
>> >>>>>>>
>> >>>>>>> Regards,
>> >>>>>>> Robert
>> >>>>>>>
>> >>>>>>> ---
>> >>>>>>> Existing:
>> >>>>>>> unpredictableStringsDo: aBlock
>> >>>>>>>         "Enumerate sources of information from my environment
>> >>>>>>> that
>> >>>
>> >>> should
>> >>>>>>>
>> >>>>>>> be generally hard to guess."
>> >>>>>>>         | time |
>> >>>>>>>         time := Time millisecondsToRun:
>> >>>>>>>                 [ aBlock
>> >>>>>>>                         value: World imageForm bits
>> >>>>>>> compressToByteArray ;
>> >>>>>>>                         value: Sensor mousePoint x asString ;
>> >>>>>>>                         value: Sensor mousePoint y asString ;
>> >>>>>>>                         value: Time millisecondClockValue
>> >>>>>>> asByteArray ;
>> >>>>>>>                         value: Date today asString ;
>> >>>>>>>                         value: Time now asString ;
>> >>>>>>>                         value: Display extent asString.
>> >>>>>>>                 100 timesRepeat: [ aBlock value: UUID new ].
>> >>>>>>>                 #(vmVersion platformName primVmPath imageName
>> >>>
>> >>> platformSubtype
>> >>>>>>>
>> >>>>>>> datedVersion lastQuitLogPosition vmStatisticsReportString
>> >>>>>>> imageName)
>> >>>>>>> collect:
>> >>>>>>>                         [ : each |
>> >>>>>>>                         aBlock value: (SmalltalkImage current
>> >>>>>>> perform: each)
>> >>>
>> >>> asByteArray
>> >>>>>>>
>> >>>>>>> ] ].
>> >>>>>>>         aBlock
>> >>>>>>>                 value: time asByteArray;
>> >>>>>>>                 "maybe the pointer has moved, hit it again."
>> >>>>>>>                 value: Sensor mousePoint asString ;
>> >>>>>>>                 value: Time millisecondClockValue asByteArray
>> >>>>>>>
>> >>>>>>> ---
>> >>>>>>> Pharo port:
>> >>>>>>> unpredictableStringsDo: aBlock
>> >>>>>>>         "Enumerate sources of information from my environment
>> >>>>>>> that
>> >>>
>> >>> should
>> >>>>>>>
>> >>>>>>> be generally hard to guess."
>> >>>>>>>
>> >>>>>>>         | time |
>> >>>>>>>         time := Time millisecondsToRun:
>> >>>>>>>                 [ aBlock
>> >>>>>>>                         value: Time millisecondClockValue
>> >>>>>>> asByteArray ;
>> >>>>>>>                         value: Date today asString ;
>> >>>>>>>                         value: Time now asString.
>> >>>>>>>                 100 timesRepeat: [ aBlock value: UUID new ].
>> >>>>>>>                 #(version primImagePath imagePath datedVersion
>> >>>>>>> lastQuitLogPosition)
>> >>>>>>> collect:
>> >>>>>>>                         [ : each |
>> >>>>>>>                         aBlock value: (SmalltalkImage current
>> >>>>>>> perform: each)
>> >>>
>> >>> asByteArray
>> >>>>>>>
>> >>>>>>> ] ].
>> >>>>>>>         aBlock
>> >>>>>>>                 value: time asByteArray;
>> >>>>>>>                 value: Time millisecondClockValue asByteArray
>> >>>>>>>
>> >>>>>>>
>> >>>>>>> On 10/18/2015 04:23 AM, Robert Withers wrote:
>> >>>>>>>>
>> >>>>>>>> This is a message intended for anyone who was on the
>> >>>>>>>> Cryptography
>> >>>
>> >>> team.
>> >>>>>>>>
>> >>>>>>>> I recently ported it to Pharo and had to make changes to
>> >>>>>>>
>> >>>>>>> RandomGenerator
>> >>>>>>>>
>> >>>>>>>> class>>unpredictableStringsDo:. This certainly removed some
>> >>>>>>>> class>>uncertainty
>> >>>>>>>> from the results of this message. My question is what should I
>> >>>>>>>> do about that? This method seems to require non-headless, as it
>> >>>>>>>> is checking the mouse point and such. This being a crypto
>> >>>>>>>> cornerstone, what the best answer here.
>> >>>>>>>>
>> >>>>>>>> Thank you,
>> >>>>>>>> Robert
>> >>>>>>
>> >>>>>>
>> >>>>>>
>> >>>>>>
>> >>>>>
>> >>>> -----------------------------------------------------------
>> >>>> Louis LaBrunda
>> >>>> Keystone Software Corp.
>> >>>> SkypeMe callto://PhotonDemon
>> >>>> mailto:[hidden email] http://www.Keystone-
>> Software.com
>> >>>>
>> >>>>
>> >>
>> >>
>> >>
>> >
>
>

Reply | Threaded
Open this post in threaded view
|

RE: [Pharo-dev] [squeak-dev] [Cryptography port to Pharo] RandomGenerator class>>unpredictableStringsDo:

Ron Teitelbaum
Hi Chris,

The exemption is not for the location of the server but the URL where it is hosted.  I'm happy to help in any way I can but I don't have access to the Pharo Repos.  I have no issue with having Pharo packages on SqueakSource if that is what everyone agrees too.  We have multiple packages hosted there.  It's ok with me if we host some pharo code there too.  

All the best,

Ron

> -----Original Message-----
> From: Chris Muller [mailto:[hidden email]]
> Sent: Monday, October 19, 2015 3:59 PM
> To: Ron Teitelbaum
> Cc: Pharo Development List; The general-purpose Squeak developers list
> Subject: Re: [Pharo-dev] [squeak-dev] [Cryptography port to Pharo]
> RandomGenerator class>>unpredictableStringsDo:
>
> Heh, well, since then SqueakSource itself was moved to a different server in
> a different country.  I guess there was also a mirror of SqueakSource hosted
> in Chile under a different URL for many years.
>
> I'm doubtful any of it matters, but we wouldn't want anyone to end up in
> Gitmo over it.  If you're uncomfortable about hosting a copy elsewhere, then
> please at least namespace-prefix the Pharo-specific packages, to at least help
> keep it from becoming a tangled mess.
>
> On Mon, Oct 19, 2015 at 2:39 PM, Ron Teitelbaum <[hidden email]>
> wrote:
> > Hi All,
> >
> > Unless someone filed the proper paperwork I would suggest NOT moving
> the cryptography code anywhere except for SqueakSource.  When we started
> the project we spent time ensuring that we had a proper exemption from
> the  U.S. regulations on exporting cryptographic code.  If someone copied
> and forked the code that exemption may not still apply to that new
> repository.
> >
> > I'm not personally involved with the code on Pharo, not sure who is doing
> crypto there.
> >
> > All the best,
> >
> > Ron
> >
> >> -----Original Message-----
> >> From: Pharo-dev [mailto:[hidden email]] On Behalf
> >> Of Chris Muller
> >> Sent: Monday, October 19, 2015 2:47 PM
> >> To: The general-purpose Squeak developers list
> >> Cc: Pharo Development List
> >> Subject: Re: [Pharo-dev] [squeak-dev] [Cryptography port to Pharo]
> >> RandomGenerator class>>unpredictableStringsDo:
> >>
> >> Yes, if a common package for both Squeak and Pharo is possible,
> >> that'd be great.  Otherwise, the Squeak and Pharo versions should
> >> reside in separate repositories.  Squeak users are still using
> >> squeaksource.com, Pharo moved to smalltalkhub and beyond..
> >>
> >> On Mon, Oct 19, 2015 at 1:42 PM, Robert Withers
> >> <[hidden email]> wrote:
> >> > hey Ron,
> >> >
> >> > It was actually the Pharo Cryptography team I was thinking of.
> >> > Perhaps we can get the same package to work in both squeak and
> >> > Pharo, with use of installable entropy sources or the like. In
> >> > order to get SqueakElib running in Pharo I need crypto and we may as
> well do it right.
> >> >
> >> > Cheers,
> >> > Robert
> >> >
> >> >
> >> > On 10/19/2015 02:28 PM, Ron Teitelbaum wrote:
> >> >>
> >> >> Hi Robert,
> >> >>
> >> >> You are already on the Cryptograph repo on SqueakSource.com as an
> >> admin.
> >> >> Please feel free to reorg if you like.
> >> >>
> >> >> Let me know if you have trouble resurrecting your account.
> >> >>
> >> >> All the best,
> >> >>
> >> >> Ron
> >> >>
> >> >>> -----Original Message-----
> >> >>> From: [hidden email]
> >> >>> [mailto:squeak-dev- [hidden email]] On Behalf
> >> >>> Of Robert Withers
> >> >>> Sent: Monday, October 19, 2015 1:53 PM
> >> >>> To: [hidden email]
> >> >>> Subject: Re: [squeak-dev] [Pharo-dev] [Cryptography port to
> >> >>> Pharo] RandomGenerator class>>unpredictableStringsDo:
> >> >>>
> >> >>> This is great guys. Is there a way to get this from the image?
> >> >>> Good to get
> >> >>
> >> >> it
> >> >>>
> >> >>> with an FFI/OSProcess call or something.
> >> >>>
> >> >>> Thank you,
> >> >>> Robert
> >> >>>
> >> >>> On 10/19/2015 08:58 AM, Louis LaBrunda wrote:
> >> >>>>
> >> >>>> Hi Guys,
> >> >>>>
> >> >>>> How about getting the CPU temperature.  I think most CPUs
> >> >>>> support "Digital Thermal Sensor" (I'm not sure about ARM).  I
> >> >>>> think it is seven bits.  The real range should be less than that
> >> >>>> but it may be enough to help add some entropy.
> >> >>>>
> >> >>>> Lou
> >> >>>>
> >> >>>> On Mon, 19 Oct 2015 07:39:19 -0400, Robert Withers
> >> >>>> <[hidden email]> wrote:
> >> >>>>
> >> >>>>> Hi Ron , nice to see you too! It has been a number of years, hasn't
> it?
> >> >>>>> Crypto is timestamped back in 2010, so there is is. I hope
> >> >>>>> these have been kind years to you, as they have for me.
> >> >>>>>
> >> >>>>> I love the idea of optional sources of entropy, depending on
> >> >>>>> the deployed capabilities. So there are our mouse points and
> >> >>>>> such, because they ought to be optional.
> >> >>>>>
> >> >>>>> What are some reliably present sources in the most minimal
> >> situation?
> >> >>>>> If we could define minimal as an image with no image level I/O
> >> >>>>> beyond file I/O, I would think we'd have: Kernel, System,
> >> >>>>> Collections, Compiler and FFI. Some intransitives in that scope
> >> >>>>> for entropy would be
> >> >>>
> >> >>> grand.
> >> >>>>>
> >> >>>>>
> >> >>>>> I was thinking to take 5 millisecondClockValues, separated by 4
> >> >>>>> non-secure random intervals: take the low order byte of the 4
> >> >>>>> intervals and reverse & concat them, as a entropic source.
> >> >>>>>
> >> >>>>> I can coordinate these changes. Ron, could you add me to the
> >> >>>>> Cryptography team so I can upload the Pharo Cryptography
> >> >>>
> >> >>> #bleedingEdge?
> >> >>>>>
> >> >>>>>
> >> >>>>> Thanks and I look forward to more, :)
> >> >>>>>
> >> >>>>> Robert
> >> >>>>>
> >> >>>>> On 10/18/2015 02:38 PM, Ron Teitelbaum wrote:
> >> >>>>>>
> >> >>>>>> Hi Robert,
> >> >>>>>>
> >> >>>>>> Nice to see you!
> >> >>>>>>
> >> >>>>>> Looks interesting I know that Chris did something gathering
> >> >>>>>> sources of
> >> >>>
> >> >>> entropy.  Seems like the more the better.  Could you just make
> >> >>> the entropy sources optional such that if they exist we use them?
> >> >>> I would have to go back and see what Chris did but he was
> >> >>> following suggestions from Schneider in his secureRandom.
> >> >>>>>>
> >> >>>>>>
> >> >>>>>> All the best,
> >> >>>>>>
> >> >>>>>> Ron Teitelbaum
> >> >>>>>>
> >> >>>>>>> -----Original Message-----
> >> >>>>>>> From: Pharo-dev [mailto:[hidden email]] On
> >> >>>>>>> Behalf Of Robert Withers
> >> >>>>>>> Sent: Sunday, October 18, 2015 5:00 AM
> >> >>>>>>> To: The general-purpose Squeak developers list; Pharo
> >> >>>>>>> Development List
> >> >>>>>>> Subject: Re: [Pharo-dev] [Cryptography port to Pharo]
> >> >>>>>>> RandomGenerator
> >> >>>>>>> class>>unpredictableStringsDo:
> >> >>>>>>>
> >> >>>>>>> I'm sorry, I forgot the code. I list the existing method,
> >> >>>>>>> followed by my modified Pharo method below. I welcome any
> >> feedback.
> >> >>>>>>>
> >> >>>>>>> Regards,
> >> >>>>>>> Robert
> >> >>>>>>>
> >> >>>>>>> ---
> >> >>>>>>> Existing:
> >> >>>>>>> unpredictableStringsDo: aBlock
> >> >>>>>>>         "Enumerate sources of information from my environment
> >> >>>>>>> that
> >> >>>
> >> >>> should
> >> >>>>>>>
> >> >>>>>>> be generally hard to guess."
> >> >>>>>>>         | time |
> >> >>>>>>>         time := Time millisecondsToRun:
> >> >>>>>>>                 [ aBlock
> >> >>>>>>>                         value: World imageForm bits
> >> >>>>>>> compressToByteArray ;
> >> >>>>>>>                         value: Sensor mousePoint x asString ;
> >> >>>>>>>                         value: Sensor mousePoint y asString ;
> >> >>>>>>>                         value: Time millisecondClockValue
> >> >>>>>>> asByteArray ;
> >> >>>>>>>                         value: Date today asString ;
> >> >>>>>>>                         value: Time now asString ;
> >> >>>>>>>                         value: Display extent asString.
> >> >>>>>>>                 100 timesRepeat: [ aBlock value: UUID new ].
> >> >>>>>>>                 #(vmVersion platformName primVmPath imageName
> >> >>>
> >> >>> platformSubtype
> >> >>>>>>>
> >> >>>>>>> datedVersion lastQuitLogPosition vmStatisticsReportString
> >> >>>>>>> imageName)
> >> >>>>>>> collect:
> >> >>>>>>>                         [ : each |
> >> >>>>>>>                         aBlock value: (SmalltalkImage current
> >> >>>>>>> perform: each)
> >> >>>
> >> >>> asByteArray
> >> >>>>>>>
> >> >>>>>>> ] ].
> >> >>>>>>>         aBlock
> >> >>>>>>>                 value: time asByteArray;
> >> >>>>>>>                 "maybe the pointer has moved, hit it again."
> >> >>>>>>>                 value: Sensor mousePoint asString ;
> >> >>>>>>>                 value: Time millisecondClockValue asByteArray
> >> >>>>>>>
> >> >>>>>>> ---
> >> >>>>>>> Pharo port:
> >> >>>>>>> unpredictableStringsDo: aBlock
> >> >>>>>>>         "Enumerate sources of information from my environment
> >> >>>>>>> that
> >> >>>
> >> >>> should
> >> >>>>>>>
> >> >>>>>>> be generally hard to guess."
> >> >>>>>>>
> >> >>>>>>>         | time |
> >> >>>>>>>         time := Time millisecondsToRun:
> >> >>>>>>>                 [ aBlock
> >> >>>>>>>                         value: Time millisecondClockValue
> >> >>>>>>> asByteArray ;
> >> >>>>>>>                         value: Date today asString ;
> >> >>>>>>>                         value: Time now asString.
> >> >>>>>>>                 100 timesRepeat: [ aBlock value: UUID new ].
> >> >>>>>>>                 #(version primImagePath imagePath
> >> >>>>>>> datedVersion
> >> >>>>>>> lastQuitLogPosition)
> >> >>>>>>> collect:
> >> >>>>>>>                         [ : each |
> >> >>>>>>>                         aBlock value: (SmalltalkImage current
> >> >>>>>>> perform: each)
> >> >>>
> >> >>> asByteArray
> >> >>>>>>>
> >> >>>>>>> ] ].
> >> >>>>>>>         aBlock
> >> >>>>>>>                 value: time asByteArray;
> >> >>>>>>>                 value: Time millisecondClockValue asByteArray
> >> >>>>>>>
> >> >>>>>>>
> >> >>>>>>> On 10/18/2015 04:23 AM, Robert Withers wrote:
> >> >>>>>>>>
> >> >>>>>>>> This is a message intended for anyone who was on the
> >> >>>>>>>> Cryptography
> >> >>>
> >> >>> team.
> >> >>>>>>>>
> >> >>>>>>>> I recently ported it to Pharo and had to make changes to
> >> >>>>>>>
> >> >>>>>>> RandomGenerator
> >> >>>>>>>>
> >> >>>>>>>> class>>unpredictableStringsDo:. This certainly removed some
> >> >>>>>>>> class>>uncertainty
> >> >>>>>>>> from the results of this message. My question is what should
> >> >>>>>>>> I do about that? This method seems to require non-headless,
> >> >>>>>>>> as it is checking the mouse point and such. This being a
> >> >>>>>>>> crypto cornerstone, what the best answer here.
> >> >>>>>>>>
> >> >>>>>>>> Thank you,
> >> >>>>>>>> Robert
> >> >>>>>>
> >> >>>>>>
> >> >>>>>>
> >> >>>>>>
> >> >>>>>
> >> >>>> -----------------------------------------------------------
> >> >>>> Louis LaBrunda
> >> >>>> Keystone Software Corp.
> >> >>>> SkypeMe callto://PhotonDemon
> >> >>>> mailto:[hidden email] http://www.Keystone-
> >> Software.com
> >> >>>>
> >> >>>>
> >> >>
> >> >>
> >> >>
> >> >
> >
> >


Reply | Threaded
Open this post in threaded view
|

Re: [Pharo-dev] [squeak-dev] [Cryptography port to Pharo] RandomGenerator class>>unpredictableStringsDo:

Robert Withers
Ron, would it be an easy process to add a second URL to the exception
paperwork. Pharo does have new ideas about code storage and distribution
that we would want to take advantage of. This would help a lot!

Then again, screw their paperwork requirements of us. Put my name as
responsible on the Pharo code and I'll take a trip to Cuba, if they need
a scape goat for their 20th century thinking. Crypto is already out of
the bag and everyone uses it freely. Just do it and ask permission later.

In thinking about consolidating crypto code between squeak and pharo, I
would guess there would be a thin capatibility layer for each system,
then the Crypto code in the main. My goal is to have compatibility,
crypto and plugins on both virtual platforms.

Thanks so much ^^

Robert

On 10/19/2015 05:17 PM, Ron Teitelbaum wrote:

> Hi Chris,
>
> The exemption is not for the location of the server but the URL where
> it is hosted.  I'm happy to help in any way I can but I don't have
> access to the Pharo Repos.  I have no issue with having Pharo
> packages on SqueakSource if that is what everyone agrees too.  We
> have multiple packages hosted there.  It's ok with me if we host some
> pharo code there too.
>
> All the best,
>
> Ron
>
>> -----Original Message----- From: Chris Muller
>> [mailto:[hidden email]] Sent: Monday, October 19, 2015 3:59
>> PM To: Ron Teitelbaum Cc: Pharo Development List; The
>> general-purpose Squeak developers list Subject: Re: [Pharo-dev]
>> [squeak-dev] [Cryptography port to Pharo] RandomGenerator
>> class>>unpredictableStringsDo:
>>
>> Heh, well, since then SqueakSource itself was moved to a different
>> server in a different country.  I guess there was also a mirror of
>> SqueakSource hosted in Chile under a different URL for many years.
>>
>> I'm doubtful any of it matters, but we wouldn't want anyone to end
>> up in Gitmo over it.  If you're uncomfortable about hosting a copy
>> elsewhere, then please at least namespace-prefix the Pharo-specific
>> packages, to at least help keep it from becoming a tangled mess.
>>
>> On Mon, Oct 19, 2015 at 2:39 PM, Ron Teitelbaum <[hidden email]>
>> wrote:
>>> Hi All,
>>>
>>> Unless someone filed the proper paperwork I would suggest NOT
>>> moving
>> the cryptography code anywhere except for SqueakSource.  When we
>> started the project we spent time ensuring that we had a proper
>> exemption from the  U.S. regulations on exporting cryptographic
>> code.  If someone copied and forked the code that exemption may not
>> still apply to that new repository.
>>>
>>> I'm not personally involved with the code on Pharo, not sure who
>>> is doing
>> crypto there.
>>>
>>> All the best,
>>>
>>> Ron
>>>
>>>> -----Original Message----- From: Pharo-dev
>>>> [mailto:[hidden email]] On Behalf Of Chris
>>>> Muller Sent: Monday, October 19, 2015 2:47 PM To: The
>>>> general-purpose Squeak developers list Cc: Pharo Development
>>>> List Subject: Re: [Pharo-dev] [squeak-dev] [Cryptography port
>>>> to Pharo] RandomGenerator class>>unpredictableStringsDo:
>>>>
>>>> Yes, if a common package for both Squeak and Pharo is
>>>> possible, that'd be great.  Otherwise, the Squeak and Pharo
>>>> versions should reside in separate repositories.  Squeak users
>>>> are still using squeaksource.com, Pharo moved to smalltalkhub
>>>> and beyond..
>>>>
>>>> On Mon, Oct 19, 2015 at 1:42 PM, Robert Withers
>>>> <[hidden email]> wrote:
>>>>> hey Ron,
>>>>>
>>>>> It was actually the Pharo Cryptography team I was thinking
>>>>> of. Perhaps we can get the same package to work in both
>>>>> squeak and Pharo, with use of installable entropy sources or
>>>>> the like. In order to get SqueakElib running in Pharo I need
>>>>> crypto and we may as
>> well do it right.
>>>>>
>>>>> Cheers, Robert
>>>>>
>>>>>
>>>>> On 10/19/2015 02:28 PM, Ron Teitelbaum wrote:
>>>>>>
>>>>>> Hi Robert,
>>>>>>
>>>>>> You are already on the Cryptograph repo on SqueakSource.com
>>>>>> as an
>>>> admin.
>>>>>> Please feel free to reorg if you like.
>>>>>>
>>>>>> Let me know if you have trouble resurrecting your account.
>>>>>>
>>>>>> All the best,
>>>>>>
>>>>>> Ron
>>>>>>
>>>>>>> -----Original Message----- From:
>>>>>>> [hidden email]
>>>>>>> [mailto:squeak-dev- [hidden email]]
>>>>>>> On Behalf Of Robert Withers Sent: Monday, October 19,
>>>>>>> 2015 1:53 PM To: [hidden email]
>>>>>>> Subject: Re: [squeak-dev] [Pharo-dev] [Cryptography port
>>>>>>> to Pharo] RandomGenerator class>>unpredictableStringsDo:
>>>>>>>
>>>>>>> This is great guys. Is there a way to get this from the
>>>>>>> image? Good to get
>>>>>>
>>>>>> it
>>>>>>>
>>>>>>> with an FFI/OSProcess call or something.
>>>>>>>
>>>>>>> Thank you, Robert
>>>>>>>
>>>>>>> On 10/19/2015 08:58 AM, Louis LaBrunda wrote:
>>>>>>>>
>>>>>>>> Hi Guys,
>>>>>>>>
>>>>>>>> How about getting the CPU temperature.  I think most
>>>>>>>> CPUs support "Digital Thermal Sensor" (I'm not sure
>>>>>>>> about ARM).  I think it is seven bits.  The real range
>>>>>>>> should be less than that but it may be enough to help
>>>>>>>> add some entropy.
>>>>>>>>
>>>>>>>> Lou
>>>>>>>>
>>>>>>>> On Mon, 19 Oct 2015 07:39:19 -0400, Robert Withers
>>>>>>>> <[hidden email]> wrote:
>>>>>>>>
>>>>>>>>> Hi Ron , nice to see you too! It has been a number of
>>>>>>>>> years, hasn't
>> it?
>>>>>>>>> Crypto is timestamped back in 2010, so there is is. I
>>>>>>>>> hope these have been kind years to you, as they have
>>>>>>>>> for me.
>>>>>>>>>
>>>>>>>>> I love the idea of optional sources of entropy,
>>>>>>>>> depending on the deployed capabilities. So there are
>>>>>>>>> our mouse points and such, because they ought to be
>>>>>>>>> optional.
>>>>>>>>>
>>>>>>>>> What are some reliably present sources in the most
>>>>>>>>> minimal
>>>> situation?
>>>>>>>>> If we could define minimal as an image with no image
>>>>>>>>> level I/O beyond file I/O, I would think we'd have:
>>>>>>>>> Kernel, System, Collections, Compiler and FFI. Some
>>>>>>>>> intransitives in that scope for entropy would be
>>>>>>>
>>>>>>> grand.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> I was thinking to take 5 millisecondClockValues,
>>>>>>>>> separated by 4 non-secure random intervals: take the
>>>>>>>>> low order byte of the 4 intervals and reverse &
>>>>>>>>> concat them, as a entropic source.
>>>>>>>>>
>>>>>>>>> I can coordinate these changes. Ron, could you add me
>>>>>>>>> to the Cryptography team so I can upload the Pharo
>>>>>>>>> Cryptography
>>>>>>>
>>>>>>> #bleedingEdge?
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Thanks and I look forward to more, :)
>>>>>>>>>
>>>>>>>>> Robert
>>>>>>>>>
>>>>>>>>> On 10/18/2015 02:38 PM, Ron Teitelbaum wrote:
>>>>>>>>>>
>>>>>>>>>> Hi Robert,
>>>>>>>>>>
>>>>>>>>>> Nice to see you!
>>>>>>>>>>
>>>>>>>>>> Looks interesting I know that Chris did something
>>>>>>>>>> gathering sources of
>>>>>>>
>>>>>>> entropy.  Seems like the more the better.  Could you just
>>>>>>> make the entropy sources optional such that if they exist
>>>>>>> we use them? I would have to go back and see what Chris
>>>>>>> did but he was following suggestions from Schneider in
>>>>>>> his secureRandom.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> All the best,
>>>>>>>>>>
>>>>>>>>>> Ron Teitelbaum
>>>>>>>>>>
>>>>>>>>>>> -----Original Message----- From: Pharo-dev
>>>>>>>>>>> [mailto:[hidden email]] On
>>>>>>>>>>> Behalf Of Robert Withers Sent: Sunday, October
>>>>>>>>>>> 18, 2015 5:00 AM To: The general-purpose Squeak
>>>>>>>>>>> developers list; Pharo Development List Subject:
>>>>>>>>>>> Re: [Pharo-dev] [Cryptography port to Pharo]
>>>>>>>>>>> RandomGenerator class>>unpredictableStringsDo:
>>>>>>>>>>>
>>>>>>>>>>> I'm sorry, I forgot the code. I list the existing
>>>>>>>>>>> method, followed by my modified Pharo method
>>>>>>>>>>> below. I welcome any
>>>> feedback.
>>>>>>>>>>>
>>>>>>>>>>> Regards, Robert
>>>>>>>>>>>
>>>>>>>>>>> --- Existing: unpredictableStringsDo: aBlock
>>>>>>>>>>> "Enumerate sources of information from my
>>>>>>>>>>> environment that
>>>>>>>
>>>>>>> should
>>>>>>>>>>>
>>>>>>>>>>> be generally hard to guess." | time | time :=
>>>>>>>>>>> Time millisecondsToRun: [ aBlock value: World
>>>>>>>>>>> imageForm bits compressToByteArray ; value:
>>>>>>>>>>> Sensor mousePoint x asString ; value: Sensor
>>>>>>>>>>> mousePoint y asString ; value: Time
>>>>>>>>>>> millisecondClockValue asByteArray ; value: Date
>>>>>>>>>>> today asString ; value: Time now asString ;
>>>>>>>>>>> value: Display extent asString. 100 timesRepeat:
>>>>>>>>>>> [ aBlock value: UUID new ]. #(vmVersion
>>>>>>>>>>> platformName primVmPath imageName
>>>>>>>
>>>>>>> platformSubtype
>>>>>>>>>>>
>>>>>>>>>>> datedVersion lastQuitLogPosition
>>>>>>>>>>> vmStatisticsReportString imageName) collect: [ :
>>>>>>>>>>> each | aBlock value: (SmalltalkImage current
>>>>>>>>>>> perform: each)
>>>>>>>
>>>>>>> asByteArray
>>>>>>>>>>>
>>>>>>>>>>> ] ]. aBlock value: time asByteArray; "maybe the
>>>>>>>>>>> pointer has moved, hit it again." value: Sensor
>>>>>>>>>>> mousePoint asString ; value: Time
>>>>>>>>>>> millisecondClockValue asByteArray
>>>>>>>>>>>
>>>>>>>>>>> --- Pharo port: unpredictableStringsDo: aBlock
>>>>>>>>>>> "Enumerate sources of information from my
>>>>>>>>>>> environment that
>>>>>>>
>>>>>>> should
>>>>>>>>>>>
>>>>>>>>>>> be generally hard to guess."
>>>>>>>>>>>
>>>>>>>>>>> | time | time := Time millisecondsToRun: [
>>>>>>>>>>> aBlock value: Time millisecondClockValue
>>>>>>>>>>> asByteArray ; value: Date today asString ; value:
>>>>>>>>>>> Time now asString. 100 timesRepeat: [ aBlock
>>>>>>>>>>> value: UUID new ]. #(version primImagePath
>>>>>>>>>>> imagePath datedVersion lastQuitLogPosition)
>>>>>>>>>>> collect: [ : each | aBlock value: (SmalltalkImage
>>>>>>>>>>> current perform: each)
>>>>>>>
>>>>>>> asByteArray
>>>>>>>>>>>
>>>>>>>>>>> ] ]. aBlock value: time asByteArray; value: Time
>>>>>>>>>>> millisecondClockValue asByteArray
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On 10/18/2015 04:23 AM, Robert Withers wrote:
>>>>>>>>>>>>
>>>>>>>>>>>> This is a message intended for anyone who was
>>>>>>>>>>>> on the Cryptography
>>>>>>>
>>>>>>> team.
>>>>>>>>>>>>
>>>>>>>>>>>> I recently ported it to Pharo and had to make
>>>>>>>>>>>> changes to
>>>>>>>>>>>
>>>>>>>>>>> RandomGenerator
>>>>>>>>>>>>
>>>>>>>>>>>> class>>unpredictableStringsDo:. This certainly
>>>>>>>>>>>> removed some class>>uncertainty from the
>>>>>>>>>>>> results of this message. My question is what
>>>>>>>>>>>> should I do about that? This method seems to
>>>>>>>>>>>> require non-headless, as it is checking the
>>>>>>>>>>>> mouse point and such. This being a crypto
>>>>>>>>>>>> cornerstone, what the best answer here.
>>>>>>>>>>>>
>>>>>>>>>>>> Thank you, Robert
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>> -----------------------------------------------------------
>>>>>>>>
>>>>>>>>
Louis LaBrunda

>>>>>>>> Keystone Software Corp. SkypeMe callto://PhotonDemon
>>>>>>>> mailto:[hidden email] http://www.Keystone-
>>>> Software.com
>>>>>>>>
>>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>
>>>
>
>

Reply | Threaded
Open this post in threaded view
|

Re: [Pharo-dev] [squeak-dev] [Cryptography port to Pharo] RandomGenerator class>>unpredictableStringsDo:

Robert Withers
In reply to this post by Ron Teitelbaum
(resending with Pharo list)

Ron, would it be an easy process to add a second URL to the exception
paperwork. Pharo does have new ideas about code storage and distribution
that we would want to take advantage of. This would help a lot!

Then again, screw their paperwork requirements of us. Put my name as
responsible on the Pharo code and I'll take a trip to Cuba, if they need
a scape goat for their 20th century thinking. Crypto is already out of
the bag and everyone uses it freely. Just do it and ask permission later.

In thinking about consolidating crypto code between squeak and pharo, I
would guess there would be a thin capatibility layer for each system,
then the Crypto code in the main. My goal is to have compatibility,
crypto and plugins on both virtual platforms.

Thanks so much ^^

Robert

On 10/19/2015 05:17 PM, Ron Teitelbaum wrote:

> Hi Chris,
>
> The exemption is not for the location of the server but the URL where it is hosted.  I'm happy to help in any way I can but I don't have access to the Pharo Repos.  I have no issue with having Pharo packages on SqueakSource if that is what everyone agrees too.  We have multiple packages hosted there.  It's ok with me if we host some pharo code there too.
>
> All the best,
>
> Ron
>
>> -----Original Message-----
>> From: Chris Muller [mailto:[hidden email]]
>> Sent: Monday, October 19, 2015 3:59 PM
>> To: Ron Teitelbaum
>> Cc: Pharo Development List; The general-purpose Squeak developers list
>> Subject: Re: [Pharo-dev] [squeak-dev] [Cryptography port to Pharo]
>> RandomGenerator class>>unpredictableStringsDo:
>>
>> Heh, well, since then SqueakSource itself was moved to a different server in
>> a different country.  I guess there was also a mirror of SqueakSource hosted
>> in Chile under a different URL for many years.
>>
>> I'm doubtful any of it matters, but we wouldn't want anyone to end up in
>> Gitmo over it.  If you're uncomfortable about hosting a copy elsewhere, then
>> please at least namespace-prefix the Pharo-specific packages, to at least help
>> keep it from becoming a tangled mess.
>>
>> On Mon, Oct 19, 2015 at 2:39 PM, Ron Teitelbaum <[hidden email]>
>> wrote:
>>> Hi All,
>>>
>>> Unless someone filed the proper paperwork I would suggest NOT moving
>> the cryptography code anywhere except for SqueakSource.  When we started
>> the project we spent time ensuring that we had a proper exemption from
>> the  U.S. regulations on exporting cryptographic code.  If someone copied
>> and forked the code that exemption may not still apply to that new
>> repository.
>>>
>>> I'm not personally involved with the code on Pharo, not sure who is doing
>> crypto there.
>>>
>>> All the best,
>>>
>>> Ron
>>>
>>>> -----Original Message-----
>>>> From: Pharo-dev [mailto:[hidden email]] On Behalf
>>>> Of Chris Muller
>>>> Sent: Monday, October 19, 2015 2:47 PM
>>>> To: The general-purpose Squeak developers list
>>>> Cc: Pharo Development List
>>>> Subject: Re: [Pharo-dev] [squeak-dev] [Cryptography port to Pharo]
>>>> RandomGenerator class>>unpredictableStringsDo:
>>>>
>>>> Yes, if a common package for both Squeak and Pharo is possible,
>>>> that'd be great.  Otherwise, the Squeak and Pharo versions should
>>>> reside in separate repositories.  Squeak users are still using
>>>> squeaksource.com, Pharo moved to smalltalkhub and beyond..
>>>>
>>>> On Mon, Oct 19, 2015 at 1:42 PM, Robert Withers
>>>> <[hidden email]> wrote:
>>>>> hey Ron,
>>>>>
>>>>> It was actually the Pharo Cryptography team I was thinking of.
>>>>> Perhaps we can get the same package to work in both squeak and
>>>>> Pharo, with use of installable entropy sources or the like. In
>>>>> order to get SqueakElib running in Pharo I need crypto and we may as
>> well do it right.
>>>>>
>>>>> Cheers,
>>>>> Robert
>>>>>
>>>>>
>>>>> On 10/19/2015 02:28 PM, Ron Teitelbaum wrote:
>>>>>>
>>>>>> Hi Robert,
>>>>>>
>>>>>> You are already on the Cryptograph repo on SqueakSource.com as an
>>>> admin.
>>>>>> Please feel free to reorg if you like.
>>>>>>
>>>>>> Let me know if you have trouble resurrecting your account.
>>>>>>
>>>>>> All the best,
>>>>>>
>>>>>> Ron
>>>>>>
>>>>>>> -----Original Message-----
>>>>>>> From: [hidden email]
>>>>>>> [mailto:squeak-dev- [hidden email]] On Behalf
>>>>>>> Of Robert Withers
>>>>>>> Sent: Monday, October 19, 2015 1:53 PM
>>>>>>> To: [hidden email]
>>>>>>> Subject: Re: [squeak-dev] [Pharo-dev] [Cryptography port to
>>>>>>> Pharo] RandomGenerator class>>unpredictableStringsDo:
>>>>>>>
>>>>>>> This is great guys. Is there a way to get this from the image?
>>>>>>> Good to get
>>>>>>
>>>>>> it
>>>>>>>
>>>>>>> with an FFI/OSProcess call or something.
>>>>>>>
>>>>>>> Thank you,
>>>>>>> Robert
>>>>>>>
>>>>>>> On 10/19/2015 08:58 AM, Louis LaBrunda wrote:
>>>>>>>>
>>>>>>>> Hi Guys,
>>>>>>>>
>>>>>>>> How about getting the CPU temperature.  I think most CPUs
>>>>>>>> support "Digital Thermal Sensor" (I'm not sure about ARM).  I
>>>>>>>> think it is seven bits.  The real range should be less than that
>>>>>>>> but it may be enough to help add some entropy.
>>>>>>>>
>>>>>>>> Lou
>>>>>>>>
>>>>>>>> On Mon, 19 Oct 2015 07:39:19 -0400, Robert Withers
>>>>>>>> <[hidden email]> wrote:
>>>>>>>>
>>>>>>>>> Hi Ron , nice to see you too! It has been a number of years, hasn't
>> it?
>>>>>>>>> Crypto is timestamped back in 2010, so there is is. I hope
>>>>>>>>> these have been kind years to you, as they have for me.
>>>>>>>>>
>>>>>>>>> I love the idea of optional sources of entropy, depending on
>>>>>>>>> the deployed capabilities. So there are our mouse points and
>>>>>>>>> such, because they ought to be optional.
>>>>>>>>>
>>>>>>>>> What are some reliably present sources in the most minimal
>>>> situation?
>>>>>>>>> If we could define minimal as an image with no image level I/O
>>>>>>>>> beyond file I/O, I would think we'd have: Kernel, System,
>>>>>>>>> Collections, Compiler and FFI. Some intransitives in that scope
>>>>>>>>> for entropy would be
>>>>>>>
>>>>>>> grand.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> I was thinking to take 5 millisecondClockValues, separated by 4
>>>>>>>>> non-secure random intervals: take the low order byte of the 4
>>>>>>>>> intervals and reverse & concat them, as a entropic source.
>>>>>>>>>
>>>>>>>>> I can coordinate these changes. Ron, could you add me to the
>>>>>>>>> Cryptography team so I can upload the Pharo Cryptography
>>>>>>>
>>>>>>> #bleedingEdge?
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Thanks and I look forward to more, :)
>>>>>>>>>
>>>>>>>>> Robert
>>>>>>>>>
>>>>>>>>> On 10/18/2015 02:38 PM, Ron Teitelbaum wrote:
>>>>>>>>>>
>>>>>>>>>> Hi Robert,
>>>>>>>>>>
>>>>>>>>>> Nice to see you!
>>>>>>>>>>
>>>>>>>>>> Looks interesting I know that Chris did something gathering
>>>>>>>>>> sources of
>>>>>>>
>>>>>>> entropy.  Seems like the more the better.  Could you just make
>>>>>>> the entropy sources optional such that if they exist we use them?
>>>>>>> I would have to go back and see what Chris did but he was
>>>>>>> following suggestions from Schneider in his secureRandom.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> All the best,
>>>>>>>>>>
>>>>>>>>>> Ron Teitelbaum
>>>>>>>>>>
>>>>>>>>>>> -----Original Message-----
>>>>>>>>>>> From: Pharo-dev [mailto:[hidden email]] On
>>>>>>>>>>> Behalf Of Robert Withers
>>>>>>>>>>> Sent: Sunday, October 18, 2015 5:00 AM
>>>>>>>>>>> To: The general-purpose Squeak developers list; Pharo
>>>>>>>>>>> Development List
>>>>>>>>>>> Subject: Re: [Pharo-dev] [Cryptography port to Pharo]
>>>>>>>>>>> RandomGenerator
>>>>>>>>>>> class>>unpredictableStringsDo:
>>>>>>>>>>>
>>>>>>>>>>> I'm sorry, I forgot the code. I list the existing method,
>>>>>>>>>>> followed by my modified Pharo method below. I welcome any
>>>> feedback.
>>>>>>>>>>>
>>>>>>>>>>> Regards,
>>>>>>>>>>> Robert
>>>>>>>>>>>
>>>>>>>>>>> ---
>>>>>>>>>>> Existing:
>>>>>>>>>>> unpredictableStringsDo: aBlock
>>>>>>>>>>>          "Enumerate sources of information from my environment
>>>>>>>>>>> that
>>>>>>>
>>>>>>> should
>>>>>>>>>>>
>>>>>>>>>>> be generally hard to guess."
>>>>>>>>>>>          | time |
>>>>>>>>>>>          time := Time millisecondsToRun:
>>>>>>>>>>>                  [ aBlock
>>>>>>>>>>>                          value: World imageForm bits
>>>>>>>>>>> compressToByteArray ;
>>>>>>>>>>>                          value: Sensor mousePoint x asString ;
>>>>>>>>>>>                          value: Sensor mousePoint y asString ;
>>>>>>>>>>>                          value: Time millisecondClockValue
>>>>>>>>>>> asByteArray ;
>>>>>>>>>>>                          value: Date today asString ;
>>>>>>>>>>>                          value: Time now asString ;
>>>>>>>>>>>                          value: Display extent asString.
>>>>>>>>>>>                  100 timesRepeat: [ aBlock value: UUID new ].
>>>>>>>>>>>                  #(vmVersion platformName primVmPath imageName
>>>>>>>
>>>>>>> platformSubtype
>>>>>>>>>>>
>>>>>>>>>>> datedVersion lastQuitLogPosition vmStatisticsReportString
>>>>>>>>>>> imageName)
>>>>>>>>>>> collect:
>>>>>>>>>>>                          [ : each |
>>>>>>>>>>>                          aBlock value: (SmalltalkImage current
>>>>>>>>>>> perform: each)
>>>>>>>
>>>>>>> asByteArray
>>>>>>>>>>>
>>>>>>>>>>> ] ].
>>>>>>>>>>>          aBlock
>>>>>>>>>>>                  value: time asByteArray;
>>>>>>>>>>>                  "maybe the pointer has moved, hit it again."
>>>>>>>>>>>                  value: Sensor mousePoint asString ;
>>>>>>>>>>>                  value: Time millisecondClockValue asByteArray
>>>>>>>>>>>
>>>>>>>>>>> ---
>>>>>>>>>>> Pharo port:
>>>>>>>>>>> unpredictableStringsDo: aBlock
>>>>>>>>>>>          "Enumerate sources of information from my environment
>>>>>>>>>>> that
>>>>>>>
>>>>>>> should
>>>>>>>>>>>
>>>>>>>>>>> be generally hard to guess."
>>>>>>>>>>>
>>>>>>>>>>>          | time |
>>>>>>>>>>>          time := Time millisecondsToRun:
>>>>>>>>>>>                  [ aBlock
>>>>>>>>>>>                          value: Time millisecondClockValue
>>>>>>>>>>> asByteArray ;
>>>>>>>>>>>                          value: Date today asString ;
>>>>>>>>>>>                          value: Time now asString.
>>>>>>>>>>>                  100 timesRepeat: [ aBlock value: UUID new ].
>>>>>>>>>>>                  #(version primImagePath imagePath
>>>>>>>>>>> datedVersion
>>>>>>>>>>> lastQuitLogPosition)
>>>>>>>>>>> collect:
>>>>>>>>>>>                          [ : each |
>>>>>>>>>>>                          aBlock value: (SmalltalkImage current
>>>>>>>>>>> perform: each)
>>>>>>>
>>>>>>> asByteArray
>>>>>>>>>>>
>>>>>>>>>>> ] ].
>>>>>>>>>>>          aBlock
>>>>>>>>>>>                  value: time asByteArray;
>>>>>>>>>>>                  value: Time millisecondClockValue asByteArray
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On 10/18/2015 04:23 AM, Robert Withers wrote:
>>>>>>>>>>>>
>>>>>>>>>>>> This is a message intended for anyone who was on the
>>>>>>>>>>>> Cryptography
>>>>>>>
>>>>>>> team.
>>>>>>>>>>>>
>>>>>>>>>>>> I recently ported it to Pharo and had to make changes to
>>>>>>>>>>>
>>>>>>>>>>> RandomGenerator
>>>>>>>>>>>>
>>>>>>>>>>>> class>>unpredictableStringsDo:. This certainly removed some
>>>>>>>>>>>> class>>uncertainty
>>>>>>>>>>>> from the results of this message. My question is what should
>>>>>>>>>>>> I do about that? This method seems to require non-headless,
>>>>>>>>>>>> as it is checking the mouse point and such. This being a
>>>>>>>>>>>> crypto cornerstone, what the best answer here.
>>>>>>>>>>>>
>>>>>>>>>>>> Thank you,
>>>>>>>>>>>> Robert
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>> -----------------------------------------------------------
>>>>>>>> Louis LaBrunda
>>>>>>>> Keystone Software Corp.
>>>>>>>> SkypeMe callto://PhotonDemon
>>>>>>>> mailto:[hidden email] http://www.Keystone-
>>>> Software.com
>>>>>>>>
>>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>
>>>
>
>

Reply | Threaded
Open this post in threaded view
|

RE: [Pharo-dev] [squeak-dev] [Cryptography port to Pharo] RandomGenerator class>>unpredictableStringsDo:

Ron Teitelbaum
Hi Robert,

I went back and reviewed and this is what I sent to BIS.

http://lists.squeakfoundation.org/pipermail/cryptography/2006-January/000117.html 

Not much to it but we got a lot of advice from SFLC first.

>From our research OS projects are allowed to host cryptographic code and make available for anyone to download.  BUT that does not exclude users of the code from being restrained from exporting that code to any USA identified restricted entities.  For example: http://www.state.gov/j/ct/list/c14151.htm 

I would recommend at the very least to register the repo with the BIS for Pharo, but I would also contact the SFLC to verify nothing has changed.

All the best,

Ron

> -----Original Message-----
> From: Pharo-dev [mailto:[hidden email]] On Behalf Of
> Robert Withers
> Sent: Monday, October 19, 2015 5:28 PM
> To: The general-purpose Squeak developers list; 'Chris Muller'
> Cc: 'Pharo Development List'
> Subject: Re: [Pharo-dev] [squeak-dev] [Cryptography port to Pharo]
> RandomGenerator class>>unpredictableStringsDo:
>
> (resending with Pharo list)
>
> Ron, would it be an easy process to add a second URL to the exception
> paperwork. Pharo does have new ideas about code storage and distribution
> that we would want to take advantage of. This would help a lot!
>
> Then again, screw their paperwork requirements of us. Put my name as
> responsible on the Pharo code and I'll take a trip to Cuba, if they need a
> scape goat for their 20th century thinking. Crypto is already out of the bag
> and everyone uses it freely. Just do it and ask permission later.
>
> In thinking about consolidating crypto code between squeak and pharo, I
> would guess there would be a thin capatibility layer for each system, then
> the Crypto code in the main. My goal is to have compatibility, crypto and
> plugins on both virtual platforms.
>
> Thanks so much ^^
>
> Robert
>
> On 10/19/2015 05:17 PM, Ron Teitelbaum wrote:
> > Hi Chris,
> >
> > The exemption is not for the location of the server but the URL where it is
> hosted.  I'm happy to help in any way I can but I don't have access to the
> Pharo Repos.  I have no issue with having Pharo packages on SqueakSource if
> that is what everyone agrees too.  We have multiple packages hosted there.
> It's ok with me if we host some pharo code there too.
> >
> > All the best,
> >
> > Ron
> >
> >> -----Original Message-----
> >> From: Chris Muller [mailto:[hidden email]]
> >> Sent: Monday, October 19, 2015 3:59 PM
> >> To: Ron Teitelbaum
> >> Cc: Pharo Development List; The general-purpose Squeak developers
> >> list
> >> Subject: Re: [Pharo-dev] [squeak-dev] [Cryptography port to Pharo]
> >> RandomGenerator class>>unpredictableStringsDo:
> >>
> >> Heh, well, since then SqueakSource itself was moved to a different
> >> server in a different country.  I guess there was also a mirror of
> >> SqueakSource hosted in Chile under a different URL for many years.
> >>
> >> I'm doubtful any of it matters, but we wouldn't want anyone to end up
> >> in Gitmo over it.  If you're uncomfortable about hosting a copy
> >> elsewhere, then please at least namespace-prefix the Pharo-specific
> >> packages, to at least help keep it from becoming a tangled mess.
> >>
> >> On Mon, Oct 19, 2015 at 2:39 PM, Ron Teitelbaum <[hidden email]>
> >> wrote:
> >>> Hi All,
> >>>
> >>> Unless someone filed the proper paperwork I would suggest NOT moving
> >> the cryptography code anywhere except for SqueakSource.  When we
> >> started the project we spent time ensuring that we had a proper
> >> exemption from the  U.S. regulations on exporting cryptographic code.
> >> If someone copied and forked the code that exemption may not still
> >> apply to that new repository.
> >>>
> >>> I'm not personally involved with the code on Pharo, not sure who is
> >>> doing
> >> crypto there.
> >>>
> >>> All the best,
> >>>
> >>> Ron
> >>>
> >>>> -----Original Message-----
> >>>> From: Pharo-dev [mailto:[hidden email]] On
> >>>> Behalf Of Chris Muller
> >>>> Sent: Monday, October 19, 2015 2:47 PM
> >>>> To: The general-purpose Squeak developers list
> >>>> Cc: Pharo Development List
> >>>> Subject: Re: [Pharo-dev] [squeak-dev] [Cryptography port to Pharo]
> >>>> RandomGenerator class>>unpredictableStringsDo:
> >>>>
> >>>> Yes, if a common package for both Squeak and Pharo is possible,
> >>>> that'd be great.  Otherwise, the Squeak and Pharo versions should
> >>>> reside in separate repositories.  Squeak users are still using
> >>>> squeaksource.com, Pharo moved to smalltalkhub and beyond..
> >>>>
> >>>> On Mon, Oct 19, 2015 at 1:42 PM, Robert Withers
> >>>> <[hidden email]> wrote:
> >>>>> hey Ron,
> >>>>>
> >>>>> It was actually the Pharo Cryptography team I was thinking of.
> >>>>> Perhaps we can get the same package to work in both squeak and
> >>>>> Pharo, with use of installable entropy sources or the like. In
> >>>>> order to get SqueakElib running in Pharo I need crypto and we may
> >>>>> as
> >> well do it right.
> >>>>>
> >>>>> Cheers,
> >>>>> Robert
> >>>>>
> >>>>>
> >>>>> On 10/19/2015 02:28 PM, Ron Teitelbaum wrote:
> >>>>>>
> >>>>>> Hi Robert,
> >>>>>>
> >>>>>> You are already on the Cryptograph repo on SqueakSource.com as an
> >>>> admin.
> >>>>>> Please feel free to reorg if you like.
> >>>>>>
> >>>>>> Let me know if you have trouble resurrecting your account.
> >>>>>>
> >>>>>> All the best,
> >>>>>>
> >>>>>> Ron
> >>>>>>
> >>>>>>> -----Original Message-----
> >>>>>>> From: [hidden email]
> >>>>>>> [mailto:squeak-dev- [hidden email]] On
> >>>>>>> Behalf Of Robert Withers
> >>>>>>> Sent: Monday, October 19, 2015 1:53 PM
> >>>>>>> To: [hidden email]
> >>>>>>> Subject: Re: [squeak-dev] [Pharo-dev] [Cryptography port to
> >>>>>>> Pharo] RandomGenerator class>>unpredictableStringsDo:
> >>>>>>>
> >>>>>>> This is great guys. Is there a way to get this from the image?
> >>>>>>> Good to get
> >>>>>>
> >>>>>> it
> >>>>>>>
> >>>>>>> with an FFI/OSProcess call or something.
> >>>>>>>
> >>>>>>> Thank you,
> >>>>>>> Robert
> >>>>>>>
> >>>>>>> On 10/19/2015 08:58 AM, Louis LaBrunda wrote:
> >>>>>>>>
> >>>>>>>> Hi Guys,
> >>>>>>>>
> >>>>>>>> How about getting the CPU temperature.  I think most CPUs
> >>>>>>>> support "Digital Thermal Sensor" (I'm not sure about ARM).  I
> >>>>>>>> think it is seven bits.  The real range should be less than
> >>>>>>>> that but it may be enough to help add some entropy.
> >>>>>>>>
> >>>>>>>> Lou
> >>>>>>>>
> >>>>>>>> On Mon, 19 Oct 2015 07:39:19 -0400, Robert Withers
> >>>>>>>> <[hidden email]> wrote:
> >>>>>>>>
> >>>>>>>>> Hi Ron , nice to see you too! It has been a number of years,
> >>>>>>>>> hasn't
> >> it?
> >>>>>>>>> Crypto is timestamped back in 2010, so there is is. I hope
> >>>>>>>>> these have been kind years to you, as they have for me.
> >>>>>>>>>
> >>>>>>>>> I love the idea of optional sources of entropy, depending on
> >>>>>>>>> the deployed capabilities. So there are our mouse points and
> >>>>>>>>> such, because they ought to be optional.
> >>>>>>>>>
> >>>>>>>>> What are some reliably present sources in the most minimal
> >>>> situation?
> >>>>>>>>> If we could define minimal as an image with no image level I/O
> >>>>>>>>> beyond file I/O, I would think we'd have: Kernel, System,
> >>>>>>>>> Collections, Compiler and FFI. Some intransitives in that
> >>>>>>>>> scope for entropy would be
> >>>>>>>
> >>>>>>> grand.
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> I was thinking to take 5 millisecondClockValues, separated by
> >>>>>>>>> 4 non-secure random intervals: take the low order byte of the
> >>>>>>>>> 4 intervals and reverse & concat them, as a entropic source.
> >>>>>>>>>
> >>>>>>>>> I can coordinate these changes. Ron, could you add me to the
> >>>>>>>>> Cryptography team so I can upload the Pharo Cryptography
> >>>>>>>
> >>>>>>> #bleedingEdge?
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> Thanks and I look forward to more, :)
> >>>>>>>>>
> >>>>>>>>> Robert
> >>>>>>>>>
> >>>>>>>>> On 10/18/2015 02:38 PM, Ron Teitelbaum wrote:
> >>>>>>>>>>
> >>>>>>>>>> Hi Robert,
> >>>>>>>>>>
> >>>>>>>>>> Nice to see you!
> >>>>>>>>>>
> >>>>>>>>>> Looks interesting I know that Chris did something gathering
> >>>>>>>>>> sources of
> >>>>>>>
> >>>>>>> entropy.  Seems like the more the better.  Could you just make
> >>>>>>> the entropy sources optional such that if they exist we use them?
> >>>>>>> I would have to go back and see what Chris did but he was
> >>>>>>> following suggestions from Schneider in his secureRandom.
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>> All the best,
> >>>>>>>>>>
> >>>>>>>>>> Ron Teitelbaum
> >>>>>>>>>>
> >>>>>>>>>>> -----Original Message-----
> >>>>>>>>>>> From: Pharo-dev [mailto:[hidden email]]
> >>>>>>>>>>> On Behalf Of Robert Withers
> >>>>>>>>>>> Sent: Sunday, October 18, 2015 5:00 AM
> >>>>>>>>>>> To: The general-purpose Squeak developers list; Pharo
> >>>>>>>>>>> Development List
> >>>>>>>>>>> Subject: Re: [Pharo-dev] [Cryptography port to Pharo]
> >>>>>>>>>>> RandomGenerator
> >>>>>>>>>>> class>>unpredictableStringsDo:
> >>>>>>>>>>>
> >>>>>>>>>>> I'm sorry, I forgot the code. I list the existing method,
> >>>>>>>>>>> followed by my modified Pharo method below. I welcome any
> >>>> feedback.
> >>>>>>>>>>>
> >>>>>>>>>>> Regards,
> >>>>>>>>>>> Robert
> >>>>>>>>>>>
> >>>>>>>>>>> ---
> >>>>>>>>>>> Existing:
> >>>>>>>>>>> unpredictableStringsDo: aBlock
> >>>>>>>>>>>          "Enumerate sources of information from my
> >>>>>>>>>>> environment that
> >>>>>>>
> >>>>>>> should
> >>>>>>>>>>>
> >>>>>>>>>>> be generally hard to guess."
> >>>>>>>>>>>          | time |
> >>>>>>>>>>>          time := Time millisecondsToRun:
> >>>>>>>>>>>                  [ aBlock
> >>>>>>>>>>>                          value: World imageForm bits
> >>>>>>>>>>> compressToByteArray ;
> >>>>>>>>>>>                          value: Sensor mousePoint x asString ;
> >>>>>>>>>>>                          value: Sensor mousePoint y asString ;
> >>>>>>>>>>>                          value: Time millisecondClockValue
> >>>>>>>>>>> asByteArray ;
> >>>>>>>>>>>                          value: Date today asString ;
> >>>>>>>>>>>                          value: Time now asString ;
> >>>>>>>>>>>                          value: Display extent asString.
> >>>>>>>>>>>                  100 timesRepeat: [ aBlock value: UUID new ].
> >>>>>>>>>>>                  #(vmVersion platformName primVmPath
> >>>>>>>>>>> imageName
> >>>>>>>
> >>>>>>> platformSubtype
> >>>>>>>>>>>
> >>>>>>>>>>> datedVersion lastQuitLogPosition vmStatisticsReportString
> >>>>>>>>>>> imageName)
> >>>>>>>>>>> collect:
> >>>>>>>>>>>                          [ : each |
> >>>>>>>>>>>                          aBlock value: (SmalltalkImage
> >>>>>>>>>>> current
> >>>>>>>>>>> perform: each)
> >>>>>>>
> >>>>>>> asByteArray
> >>>>>>>>>>>
> >>>>>>>>>>> ] ].
> >>>>>>>>>>>          aBlock
> >>>>>>>>>>>                  value: time asByteArray;
> >>>>>>>>>>>                  "maybe the pointer has moved, hit it again."
> >>>>>>>>>>>                  value: Sensor mousePoint asString ;
> >>>>>>>>>>>                  value: Time millisecondClockValue
> >>>>>>>>>>> asByteArray
> >>>>>>>>>>>
> >>>>>>>>>>> ---
> >>>>>>>>>>> Pharo port:
> >>>>>>>>>>> unpredictableStringsDo: aBlock
> >>>>>>>>>>>          "Enumerate sources of information from my
> >>>>>>>>>>> environment that
> >>>>>>>
> >>>>>>> should
> >>>>>>>>>>>
> >>>>>>>>>>> be generally hard to guess."
> >>>>>>>>>>>
> >>>>>>>>>>>          | time |
> >>>>>>>>>>>          time := Time millisecondsToRun:
> >>>>>>>>>>>                  [ aBlock
> >>>>>>>>>>>                          value: Time millisecondClockValue
> >>>>>>>>>>> asByteArray ;
> >>>>>>>>>>>                          value: Date today asString ;
> >>>>>>>>>>>                          value: Time now asString.
> >>>>>>>>>>>                  100 timesRepeat: [ aBlock value: UUID new ].
> >>>>>>>>>>>                  #(version primImagePath imagePath
> >>>>>>>>>>> datedVersion
> >>>>>>>>>>> lastQuitLogPosition)
> >>>>>>>>>>> collect:
> >>>>>>>>>>>                          [ : each |
> >>>>>>>>>>>                          aBlock value: (SmalltalkImage
> >>>>>>>>>>> current
> >>>>>>>>>>> perform: each)
> >>>>>>>
> >>>>>>> asByteArray
> >>>>>>>>>>>
> >>>>>>>>>>> ] ].
> >>>>>>>>>>>          aBlock
> >>>>>>>>>>>                  value: time asByteArray;
> >>>>>>>>>>>                  value: Time millisecondClockValue
> >>>>>>>>>>> asByteArray
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>> On 10/18/2015 04:23 AM, Robert Withers wrote:
> >>>>>>>>>>>>
> >>>>>>>>>>>> This is a message intended for anyone who was on the
> >>>>>>>>>>>> Cryptography
> >>>>>>>
> >>>>>>> team.
> >>>>>>>>>>>>
> >>>>>>>>>>>> I recently ported it to Pharo and had to make changes to
> >>>>>>>>>>>
> >>>>>>>>>>> RandomGenerator
> >>>>>>>>>>>>
> >>>>>>>>>>>> class>>unpredictableStringsDo:. This certainly removed some
> >>>>>>>>>>>> class>>uncertainty
> >>>>>>>>>>>> from the results of this message. My question is what
> >>>>>>>>>>>> should I do about that? This method seems to require
> >>>>>>>>>>>> non-headless, as it is checking the mouse point and such.
> >>>>>>>>>>>> This being a crypto cornerstone, what the best answer here.
> >>>>>>>>>>>>
> >>>>>>>>>>>> Thank you,
> >>>>>>>>>>>> Robert
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>
> >>>>>>>> -----------------------------------------------------------
> >>>>>>>> Louis LaBrunda
> >>>>>>>> Keystone Software Corp.
> >>>>>>>> SkypeMe callto://PhotonDemon
> >>>>>>>> mailto:[hidden email] http://www.Keystone-
> >>>> Software.com
> >>>>>>>>
> >>>>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>
> >>>
> >>>
> >
> >



Reply | Threaded
Open this post in threaded view
|

Re: [Pharo-dev] [squeak-dev] [Cryptography port to Pharo] RandomGenerator class>>unpredictableStringsDo:

Robert Withers
Thank you for you research and advise on how to make it right, Ron. I
may look into it, but I don't want to promise you that I will
definitely. I will certainly put this in my crypto folder, though.  :)


... ^^
robert


On 10/19/2015 06:25 PM, Ron Teitelbaum wrote:

> Hi Robert,
>
> I went back and reviewed and this is what I sent to BIS.
>
> http://lists.squeakfoundation.org/pipermail/cryptography/2006-January/000117.html
>
> Not much to it but we got a lot of advice from SFLC first.
>
>>From our research OS projects are allowed to host cryptographic code and make available for anyone to download.  BUT that does not exclude users of the code from being restrained from exporting that code to any USA identified restricted entities.  For example: http://www.state.gov/j/ct/list/c14151.htm
>
> I would recommend at the very least to register the repo with the BIS for Pharo, but I would also contact the SFLC to verify nothing has changed.
>
> All the best,
>
> Ron
>
>> -----Original Message-----
>> From: Pharo-dev [mailto:[hidden email]] On Behalf Of
>> Robert Withers
>> Sent: Monday, October 19, 2015 5:28 PM
>> To: The general-purpose Squeak developers list; 'Chris Muller'
>> Cc: 'Pharo Development List'
>> Subject: Re: [Pharo-dev] [squeak-dev] [Cryptography port to Pharo]
>> RandomGenerator class>>unpredictableStringsDo:
>>
>> (resending with Pharo list)
>>
>> Ron, would it be an easy process to add a second URL to the exception
>> paperwork. Pharo does have new ideas about code storage and distribution
>> that we would want to take advantage of. This would help a lot!
>>
>> Then again, screw their paperwork requirements of us. Put my name as
>> responsible on the Pharo code and I'll take a trip to Cuba, if they need a
>> scape goat for their 20th century thinking. Crypto is already out of the bag
>> and everyone uses it freely. Just do it and ask permission later.
>>
>> In thinking about consolidating crypto code between squeak and pharo, I
>> would guess there would be a thin capatibility layer for each system, then
>> the Crypto code in the main. My goal is to have compatibility, crypto and
>> plugins on both virtual platforms.
>>
>> Thanks so much ^^
>>
>> Robert
>>
>> On 10/19/2015 05:17 PM, Ron Teitelbaum wrote:
>>> Hi Chris,
>>>
>>> The exemption is not for the location of the server but the URL where it is
>> hosted.  I'm happy to help in any way I can but I don't have access to the
>> Pharo Repos.  I have no issue with having Pharo packages on SqueakSource if
>> that is what everyone agrees too.  We have multiple packages hosted there.
>> It's ok with me if we host some pharo code there too.
>>>
>>> All the best,
>>>
>>> Ron
>>>
>>>> -----Original Message-----
>>>> From: Chris Muller [mailto:[hidden email]]
>>>> Sent: Monday, October 19, 2015 3:59 PM
>>>> To: Ron Teitelbaum
>>>> Cc: Pharo Development List; The general-purpose Squeak developers
>>>> list
>>>> Subject: Re: [Pharo-dev] [squeak-dev] [Cryptography port to Pharo]
>>>> RandomGenerator class>>unpredictableStringsDo:
>>>>
>>>> Heh, well, since then SqueakSource itself was moved to a different
>>>> server in a different country.  I guess there was also a mirror of
>>>> SqueakSource hosted in Chile under a different URL for many years.
>>>>
>>>> I'm doubtful any of it matters, but we wouldn't want anyone to end up
>>>> in Gitmo over it.  If you're uncomfortable about hosting a copy
>>>> elsewhere, then please at least namespace-prefix the Pharo-specific
>>>> packages, to at least help keep it from becoming a tangled mess.
>>>>
>>>> On Mon, Oct 19, 2015 at 2:39 PM, Ron Teitelbaum <[hidden email]>
>>>> wrote:
>>>>> Hi All,
>>>>>
>>>>> Unless someone filed the proper paperwork I would suggest NOT moving
>>>> the cryptography code anywhere except for SqueakSource.  When we
>>>> started the project we spent time ensuring that we had a proper
>>>> exemption from the  U.S. regulations on exporting cryptographic code.
>>>> If someone copied and forked the code that exemption may not still
>>>> apply to that new repository.
>>>>>
>>>>> I'm not personally involved with the code on Pharo, not sure who is
>>>>> doing
>>>> crypto there.
>>>>>
>>>>> All the best,
>>>>>
>>>>> Ron
>>>>>
>>>>>> -----Original Message-----
>>>>>> From: Pharo-dev [mailto:[hidden email]] On
>>>>>> Behalf Of Chris Muller
>>>>>> Sent: Monday, October 19, 2015 2:47 PM
>>>>>> To: The general-purpose Squeak developers list
>>>>>> Cc: Pharo Development List
>>>>>> Subject: Re: [Pharo-dev] [squeak-dev] [Cryptography port to Pharo]
>>>>>> RandomGenerator class>>unpredictableStringsDo:
>>>>>>
>>>>>> Yes, if a common package for both Squeak and Pharo is possible,
>>>>>> that'd be great.  Otherwise, the Squeak and Pharo versions should
>>>>>> reside in separate repositories.  Squeak users are still using
>>>>>> squeaksource.com, Pharo moved to smalltalkhub and beyond..
>>>>>>
>>>>>> On Mon, Oct 19, 2015 at 1:42 PM, Robert Withers
>>>>>> <[hidden email]> wrote:
>>>>>>> hey Ron,
>>>>>>>
>>>>>>> It was actually the Pharo Cryptography team I was thinking of.
>>>>>>> Perhaps we can get the same package to work in both squeak and
>>>>>>> Pharo, with use of installable entropy sources or the like. In
>>>>>>> order to get SqueakElib running in Pharo I need crypto and we may
>>>>>>> as
>>>> well do it right.
>>>>>>>
>>>>>>> Cheers,
>>>>>>> Robert
>>>>>>>
>>>>>>>
>>>>>>> On 10/19/2015 02:28 PM, Ron Teitelbaum wrote:
>>>>>>>>
>>>>>>>> Hi Robert,
>>>>>>>>
>>>>>>>> You are already on the Cryptograph repo on SqueakSource.com as an
>>>>>> admin.
>>>>>>>> Please feel free to reorg if you like.
>>>>>>>>
>>>>>>>> Let me know if you have trouble resurrecting your account.
>>>>>>>>
>>>>>>>> All the best,
>>>>>>>>
>>>>>>>> Ron
>>>>>>>>
>>>>>>>>> -----Original Message-----
>>>>>>>>> From: [hidden email]
>>>>>>>>> [mailto:squeak-dev- [hidden email]] On
>>>>>>>>> Behalf Of Robert Withers
>>>>>>>>> Sent: Monday, October 19, 2015 1:53 PM
>>>>>>>>> To: [hidden email]
>>>>>>>>> Subject: Re: [squeak-dev] [Pharo-dev] [Cryptography port to
>>>>>>>>> Pharo] RandomGenerator class>>unpredictableStringsDo:
>>>>>>>>>
>>>>>>>>> This is great guys. Is there a way to get this from the image?
>>>>>>>>> Good to get
>>>>>>>>
>>>>>>>> it
>>>>>>>>>
>>>>>>>>> with an FFI/OSProcess call or something.
>>>>>>>>>
>>>>>>>>> Thank you,
>>>>>>>>> Robert
>>>>>>>>>
>>>>>>>>> On 10/19/2015 08:58 AM, Louis LaBrunda wrote:
>>>>>>>>>>
>>>>>>>>>> Hi Guys,
>>>>>>>>>>
>>>>>>>>>> How about getting the CPU temperature.  I think most CPUs
>>>>>>>>>> support "Digital Thermal Sensor" (I'm not sure about ARM).  I
>>>>>>>>>> think it is seven bits.  The real range should be less than
>>>>>>>>>> that but it may be enough to help add some entropy.
>>>>>>>>>>
>>>>>>>>>> Lou
>>>>>>>>>>
>>>>>>>>>> On Mon, 19 Oct 2015 07:39:19 -0400, Robert Withers
>>>>>>>>>> <[hidden email]> wrote:
>>>>>>>>>>
>>>>>>>>>>> Hi Ron , nice to see you too! It has been a number of years,
>>>>>>>>>>> hasn't
>>>> it?
>>>>>>>>>>> Crypto is timestamped back in 2010, so there is is. I hope
>>>>>>>>>>> these have been kind years to you, as they have for me.
>>>>>>>>>>>
>>>>>>>>>>> I love the idea of optional sources of entropy, depending on
>>>>>>>>>>> the deployed capabilities. So there are our mouse points and
>>>>>>>>>>> such, because they ought to be optional.
>>>>>>>>>>>
>>>>>>>>>>> What are some reliably present sources in the most minimal
>>>>>> situation?
>>>>>>>>>>> If we could define minimal as an image with no image level I/O
>>>>>>>>>>> beyond file I/O, I would think we'd have: Kernel, System,
>>>>>>>>>>> Collections, Compiler and FFI. Some intransitives in that
>>>>>>>>>>> scope for entropy would be
>>>>>>>>>
>>>>>>>>> grand.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> I was thinking to take 5 millisecondClockValues, separated by
>>>>>>>>>>> 4 non-secure random intervals: take the low order byte of the
>>>>>>>>>>> 4 intervals and reverse & concat them, as a entropic source.
>>>>>>>>>>>
>>>>>>>>>>> I can coordinate these changes. Ron, could you add me to the
>>>>>>>>>>> Cryptography team so I can upload the Pharo Cryptography
>>>>>>>>>
>>>>>>>>> #bleedingEdge?
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Thanks and I look forward to more, :)
>>>>>>>>>>>
>>>>>>>>>>> Robert
>>>>>>>>>>>
>>>>>>>>>>> On 10/18/2015 02:38 PM, Ron Teitelbaum wrote:
>>>>>>>>>>>>
>>>>>>>>>>>> Hi Robert,
>>>>>>>>>>>>
>>>>>>>>>>>> Nice to see you!
>>>>>>>>>>>>
>>>>>>>>>>>> Looks interesting I know that Chris did something gathering
>>>>>>>>>>>> sources of
>>>>>>>>>
>>>>>>>>> entropy.  Seems like the more the better.  Could you just make
>>>>>>>>> the entropy sources optional such that if they exist we use them?
>>>>>>>>> I would have to go back and see what Chris did but he was
>>>>>>>>> following suggestions from Schneider in his secureRandom.
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> All the best,
>>>>>>>>>>>>
>>>>>>>>>>>> Ron Teitelbaum
>>>>>>>>>>>>
>>>>>>>>>>>>> -----Original Message-----
>>>>>>>>>>>>> From: Pharo-dev [mailto:[hidden email]]
>>>>>>>>>>>>> On Behalf Of Robert Withers
>>>>>>>>>>>>> Sent: Sunday, October 18, 2015 5:00 AM
>>>>>>>>>>>>> To: The general-purpose Squeak developers list; Pharo
>>>>>>>>>>>>> Development List
>>>>>>>>>>>>> Subject: Re: [Pharo-dev] [Cryptography port to Pharo]
>>>>>>>>>>>>> RandomGenerator
>>>>>>>>>>>>> class>>unpredictableStringsDo:
>>>>>>>>>>>>>
>>>>>>>>>>>>> I'm sorry, I forgot the code. I list the existing method,
>>>>>>>>>>>>> followed by my modified Pharo method below. I welcome any
>>>>>> feedback.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Regards,
>>>>>>>>>>>>> Robert
>>>>>>>>>>>>>
>>>>>>>>>>>>> ---
>>>>>>>>>>>>> Existing:
>>>>>>>>>>>>> unpredictableStringsDo: aBlock
>>>>>>>>>>>>>           "Enumerate sources of information from my
>>>>>>>>>>>>> environment that
>>>>>>>>>
>>>>>>>>> should
>>>>>>>>>>>>>
>>>>>>>>>>>>> be generally hard to guess."
>>>>>>>>>>>>>           | time |
>>>>>>>>>>>>>           time := Time millisecondsToRun:
>>>>>>>>>>>>>                   [ aBlock
>>>>>>>>>>>>>                           value: World imageForm bits
>>>>>>>>>>>>> compressToByteArray ;
>>>>>>>>>>>>>                           value: Sensor mousePoint x asString ;
>>>>>>>>>>>>>                           value: Sensor mousePoint y asString ;
>>>>>>>>>>>>>                           value: Time millisecondClockValue
>>>>>>>>>>>>> asByteArray ;
>>>>>>>>>>>>>                           value: Date today asString ;
>>>>>>>>>>>>>                           value: Time now asString ;
>>>>>>>>>>>>>                           value: Display extent asString.
>>>>>>>>>>>>>                   100 timesRepeat: [ aBlock value: UUID new ].
>>>>>>>>>>>>>                   #(vmVersion platformName primVmPath
>>>>>>>>>>>>> imageName
>>>>>>>>>
>>>>>>>>> platformSubtype
>>>>>>>>>>>>>
>>>>>>>>>>>>> datedVersion lastQuitLogPosition vmStatisticsReportString
>>>>>>>>>>>>> imageName)
>>>>>>>>>>>>> collect:
>>>>>>>>>>>>>                           [ : each |
>>>>>>>>>>>>>                           aBlock value: (SmalltalkImage
>>>>>>>>>>>>> current
>>>>>>>>>>>>> perform: each)
>>>>>>>>>
>>>>>>>>> asByteArray
>>>>>>>>>>>>>
>>>>>>>>>>>>> ] ].
>>>>>>>>>>>>>           aBlock
>>>>>>>>>>>>>                   value: time asByteArray;
>>>>>>>>>>>>>                   "maybe the pointer has moved, hit it again."
>>>>>>>>>>>>>                   value: Sensor mousePoint asString ;
>>>>>>>>>>>>>                   value: Time millisecondClockValue
>>>>>>>>>>>>> asByteArray
>>>>>>>>>>>>>
>>>>>>>>>>>>> ---
>>>>>>>>>>>>> Pharo port:
>>>>>>>>>>>>> unpredictableStringsDo: aBlock
>>>>>>>>>>>>>           "Enumerate sources of information from my
>>>>>>>>>>>>> environment that
>>>>>>>>>
>>>>>>>>> should
>>>>>>>>>>>>>
>>>>>>>>>>>>> be generally hard to guess."
>>>>>>>>>>>>>
>>>>>>>>>>>>>           | time |
>>>>>>>>>>>>>           time := Time millisecondsToRun:
>>>>>>>>>>>>>                   [ aBlock
>>>>>>>>>>>>>                           value: Time millisecondClockValue
>>>>>>>>>>>>> asByteArray ;
>>>>>>>>>>>>>                           value: Date today asString ;
>>>>>>>>>>>>>                           value: Time now asString.
>>>>>>>>>>>>>                   100 timesRepeat: [ aBlock value: UUID new ].
>>>>>>>>>>>>>                   #(version primImagePath imagePath
>>>>>>>>>>>>> datedVersion
>>>>>>>>>>>>> lastQuitLogPosition)
>>>>>>>>>>>>> collect:
>>>>>>>>>>>>>                           [ : each |
>>>>>>>>>>>>>                           aBlock value: (SmalltalkImage
>>>>>>>>>>>>> current
>>>>>>>>>>>>> perform: each)
>>>>>>>>>
>>>>>>>>> asByteArray
>>>>>>>>>>>>>
>>>>>>>>>>>>> ] ].
>>>>>>>>>>>>>           aBlock
>>>>>>>>>>>>>                   value: time asByteArray;
>>>>>>>>>>>>>                   value: Time millisecondClockValue
>>>>>>>>>>>>> asByteArray
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> On 10/18/2015 04:23 AM, Robert Withers wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> This is a message intended for anyone who was on the
>>>>>>>>>>>>>> Cryptography
>>>>>>>>>
>>>>>>>>> team.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> I recently ported it to Pharo and had to make changes to
>>>>>>>>>>>>>
>>>>>>>>>>>>> RandomGenerator
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> class>>unpredictableStringsDo:. This certainly removed some
>>>>>>>>>>>>>> class>>uncertainty
>>>>>>>>>>>>>> from the results of this message. My question is what
>>>>>>>>>>>>>> should I do about that? This method seems to require
>>>>>>>>>>>>>> non-headless, as it is checking the mouse point and such.
>>>>>>>>>>>>>> This being a crypto cornerstone, what the best answer here.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Thank you,
>>>>>>>>>>>>>> Robert
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>> -----------------------------------------------------------
>>>>>>>>>> Louis LaBrunda
>>>>>>>>>> Keystone Software Corp.
>>>>>>>>>> SkypeMe callto://PhotonDemon
>>>>>>>>>> mailto:[hidden email] http://www.Keystone-
>>>>>> Software.com
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>
>>>>>
>>>
>>>
>
>
>

Reply | Threaded
Open this post in threaded view
|

Re: [Pharo-dev] [squeak-dev] [Cryptography port to Pharo] RandomGenerator class>>unpredictableStringsDo:

Robert Withers
In reply to this post by Ron Teitelbaum
Thank you Ron, I'll look into it.

Regards,


... ^^
robert


On 10/19/2015 06:25 PM, Ron Teitelbaum wrote:

> Hi Robert,
>
> I went back and reviewed and this is what I sent to BIS.
>
> http://lists.squeakfoundation.org/pipermail/cryptography/2006-January/000117.html
>
> Not much to it but we got a lot of advice from SFLC first.
>
>>From our research OS projects are allowed to host cryptographic code and make available for anyone to download.  BUT that does not exclude users of the code from being restrained from exporting that code to any USA identified restricted entities.  For example: http://www.state.gov/j/ct/list/c14151.htm
>
> I would recommend at the very least to register the repo with the BIS for Pharo, but I would also contact the SFLC to verify nothing has changed.
>
> All the best,
>
> Ron
>
>> -----Original Message-----
>> From: Pharo-dev [mailto:[hidden email]] On Behalf Of
>> Robert Withers
>> Sent: Monday, October 19, 2015 5:28 PM
>> To: The general-purpose Squeak developers list; 'Chris Muller'
>> Cc: 'Pharo Development List'
>> Subject: Re: [Pharo-dev] [squeak-dev] [Cryptography port to Pharo]
>> RandomGenerator class>>unpredictableStringsDo:
>>
>> (resending with Pharo list)
>>
>> Ron, would it be an easy process to add a second URL to the exception
>> paperwork. Pharo does have new ideas about code storage and distribution
>> that we would want to take advantage of. This would help a lot!
>>
>> Then again, screw their paperwork requirements of us. Put my name as
>> responsible on the Pharo code and I'll take a trip to Cuba, if they need a
>> scape goat for their 20th century thinking. Crypto is already out of the bag
>> and everyone uses it freely. Just do it and ask permission later.
>>
>> In thinking about consolidating crypto code between squeak and pharo, I
>> would guess there would be a thin capatibility layer for each system, then
>> the Crypto code in the main. My goal is to have compatibility, crypto and
>> plugins on both virtual platforms.
>>
>> Thanks so much ^^
>>
>> Robert
>>
>> On 10/19/2015 05:17 PM, Ron Teitelbaum wrote:
>>> Hi Chris,
>>>
>>> The exemption is not for the location of the server but the URL where it is
>> hosted.  I'm happy to help in any way I can but I don't have access to the
>> Pharo Repos.  I have no issue with having Pharo packages on SqueakSource if
>> that is what everyone agrees too.  We have multiple packages hosted there.
>> It's ok with me if we host some pharo code there too.
>>>
>>> All the best,
>>>
>>> Ron
>>>
>>>> -----Original Message-----
>>>> From: Chris Muller [mailto:[hidden email]]
>>>> Sent: Monday, October 19, 2015 3:59 PM
>>>> To: Ron Teitelbaum
>>>> Cc: Pharo Development List; The general-purpose Squeak developers
>>>> list
>>>> Subject: Re: [Pharo-dev] [squeak-dev] [Cryptography port to Pharo]
>>>> RandomGenerator class>>unpredictableStringsDo:
>>>>
>>>> Heh, well, since then SqueakSource itself was moved to a different
>>>> server in a different country.  I guess there was also a mirror of
>>>> SqueakSource hosted in Chile under a different URL for many years.
>>>>
>>>> I'm doubtful any of it matters, but we wouldn't want anyone to end up
>>>> in Gitmo over it.  If you're uncomfortable about hosting a copy
>>>> elsewhere, then please at least namespace-prefix the Pharo-specific
>>>> packages, to at least help keep it from becoming a tangled mess.
>>>>
>>>> On Mon, Oct 19, 2015 at 2:39 PM, Ron Teitelbaum <[hidden email]>
>>>> wrote:
>>>>> Hi All,
>>>>>
>>>>> Unless someone filed the proper paperwork I would suggest NOT moving
>>>> the cryptography code anywhere except for SqueakSource.  When we
>>>> started the project we spent time ensuring that we had a proper
>>>> exemption from the  U.S. regulations on exporting cryptographic code.
>>>> If someone copied and forked the code that exemption may not still
>>>> apply to that new repository.
>>>>>
>>>>> I'm not personally involved with the code on Pharo, not sure who is
>>>>> doing
>>>> crypto there.
>>>>>
>>>>> All the best,
>>>>>
>>>>> Ron
>>>>>
>>>>>> -----Original Message-----
>>>>>> From: Pharo-dev [mailto:[hidden email]] On
>>>>>> Behalf Of Chris Muller
>>>>>> Sent: Monday, October 19, 2015 2:47 PM
>>>>>> To: The general-purpose Squeak developers list
>>>>>> Cc: Pharo Development List
>>>>>> Subject: Re: [Pharo-dev] [squeak-dev] [Cryptography port to Pharo]
>>>>>> RandomGenerator class>>unpredictableStringsDo:
>>>>>>
>>>>>> Yes, if a common package for both Squeak and Pharo is possible,
>>>>>> that'd be great.  Otherwise, the Squeak and Pharo versions should
>>>>>> reside in separate repositories.  Squeak users are still using
>>>>>> squeaksource.com, Pharo moved to smalltalkhub and beyond..
>>>>>>
>>>>>> On Mon, Oct 19, 2015 at 1:42 PM, Robert Withers
>>>>>> <[hidden email]> wrote:
>>>>>>> hey Ron,
>>>>>>>
>>>>>>> It was actually the Pharo Cryptography team I was thinking of.
>>>>>>> Perhaps we can get the same package to work in both squeak and
>>>>>>> Pharo, with use of installable entropy sources or the like. In
>>>>>>> order to get SqueakElib running in Pharo I need crypto and we may
>>>>>>> as
>>>> well do it right.
>>>>>>>
>>>>>>> Cheers,
>>>>>>> Robert
>>>>>>>
>>>>>>>
>>>>>>> On 10/19/2015 02:28 PM, Ron Teitelbaum wrote:
>>>>>>>>
>>>>>>>> Hi Robert,
>>>>>>>>
>>>>>>>> You are already on the Cryptograph repo on SqueakSource.com as an
>>>>>> admin.
>>>>>>>> Please feel free to reorg if you like.
>>>>>>>>
>>>>>>>> Let me know if you have trouble resurrecting your account.
>>>>>>>>
>>>>>>>> All the best,
>>>>>>>>
>>>>>>>> Ron
>>>>>>>>
>>>>>>>>> -----Original Message-----
>>>>>>>>> From: [hidden email]
>>>>>>>>> [mailto:squeak-dev- [hidden email]] On
>>>>>>>>> Behalf Of Robert Withers
>>>>>>>>> Sent: Monday, October 19, 2015 1:53 PM
>>>>>>>>> To: [hidden email]
>>>>>>>>> Subject: Re: [squeak-dev] [Pharo-dev] [Cryptography port to
>>>>>>>>> Pharo] RandomGenerator class>>unpredictableStringsDo:
>>>>>>>>>
>>>>>>>>> This is great guys. Is there a way to get this from the image?
>>>>>>>>> Good to get
>>>>>>>>
>>>>>>>> it
>>>>>>>>>
>>>>>>>>> with an FFI/OSProcess call or something.
>>>>>>>>>
>>>>>>>>> Thank you,
>>>>>>>>> Robert
>>>>>>>>>
>>>>>>>>> On 10/19/2015 08:58 AM, Louis LaBrunda wrote:
>>>>>>>>>>
>>>>>>>>>> Hi Guys,
>>>>>>>>>>
>>>>>>>>>> How about getting the CPU temperature.  I think most CPUs
>>>>>>>>>> support "Digital Thermal Sensor" (I'm not sure about ARM).  I
>>>>>>>>>> think it is seven bits.  The real range should be less than
>>>>>>>>>> that but it may be enough to help add some entropy.
>>>>>>>>>>
>>>>>>>>>> Lou
>>>>>>>>>>
>>>>>>>>>> On Mon, 19 Oct 2015 07:39:19 -0400, Robert Withers
>>>>>>>>>> <[hidden email]> wrote:
>>>>>>>>>>
>>>>>>>>>>> Hi Ron , nice to see you too! It has been a number of years,
>>>>>>>>>>> hasn't
>>>> it?
>>>>>>>>>>> Crypto is timestamped back in 2010, so there is is. I hope
>>>>>>>>>>> these have been kind years to you, as they have for me.
>>>>>>>>>>>
>>>>>>>>>>> I love the idea of optional sources of entropy, depending on
>>>>>>>>>>> the deployed capabilities. So there are our mouse points and
>>>>>>>>>>> such, because they ought to be optional.
>>>>>>>>>>>
>>>>>>>>>>> What are some reliably present sources in the most minimal
>>>>>> situation?
>>>>>>>>>>> If we could define minimal as an image with no image level I/O
>>>>>>>>>>> beyond file I/O, I would think we'd have: Kernel, System,
>>>>>>>>>>> Collections, Compiler and FFI. Some intransitives in that
>>>>>>>>>>> scope for entropy would be
>>>>>>>>>
>>>>>>>>> grand.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> I was thinking to take 5 millisecondClockValues, separated by
>>>>>>>>>>> 4 non-secure random intervals: take the low order byte of the
>>>>>>>>>>> 4 intervals and reverse & concat them, as a entropic source.
>>>>>>>>>>>
>>>>>>>>>>> I can coordinate these changes. Ron, could you add me to the
>>>>>>>>>>> Cryptography team so I can upload the Pharo Cryptography
>>>>>>>>>
>>>>>>>>> #bleedingEdge?
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Thanks and I look forward to more, :)
>>>>>>>>>>>
>>>>>>>>>>> Robert
>>>>>>>>>>>
>>>>>>>>>>> On 10/18/2015 02:38 PM, Ron Teitelbaum wrote:
>>>>>>>>>>>>
>>>>>>>>>>>> Hi Robert,
>>>>>>>>>>>>
>>>>>>>>>>>> Nice to see you!
>>>>>>>>>>>>
>>>>>>>>>>>> Looks interesting I know that Chris did something gathering
>>>>>>>>>>>> sources of
>>>>>>>>>
>>>>>>>>> entropy.  Seems like the more the better.  Could you just make
>>>>>>>>> the entropy sources optional such that if they exist we use them?
>>>>>>>>> I would have to go back and see what Chris did but he was
>>>>>>>>> following suggestions from Schneider in his secureRandom.
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> All the best,
>>>>>>>>>>>>
>>>>>>>>>>>> Ron Teitelbaum
>>>>>>>>>>>>
>>>>>>>>>>>>> -----Original Message-----
>>>>>>>>>>>>> From: Pharo-dev [mailto:[hidden email]]
>>>>>>>>>>>>> On Behalf Of Robert Withers
>>>>>>>>>>>>> Sent: Sunday, October 18, 2015 5:00 AM
>>>>>>>>>>>>> To: The general-purpose Squeak developers list; Pharo
>>>>>>>>>>>>> Development List
>>>>>>>>>>>>> Subject: Re: [Pharo-dev] [Cryptography port to Pharo]
>>>>>>>>>>>>> RandomGenerator
>>>>>>>>>>>>> class>>unpredictableStringsDo:
>>>>>>>>>>>>>
>>>>>>>>>>>>> I'm sorry, I forgot the code. I list the existing method,
>>>>>>>>>>>>> followed by my modified Pharo method below. I welcome any
>>>>>> feedback.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Regards,
>>>>>>>>>>>>> Robert
>>>>>>>>>>>>>
>>>>>>>>>>>>> ---
>>>>>>>>>>>>> Existing:
>>>>>>>>>>>>> unpredictableStringsDo: aBlock
>>>>>>>>>>>>>           "Enumerate sources of information from my
>>>>>>>>>>>>> environment that
>>>>>>>>>
>>>>>>>>> should
>>>>>>>>>>>>>
>>>>>>>>>>>>> be generally hard to guess."
>>>>>>>>>>>>>           | time |
>>>>>>>>>>>>>           time := Time millisecondsToRun:
>>>>>>>>>>>>>                   [ aBlock
>>>>>>>>>>>>>                           value: World imageForm bits
>>>>>>>>>>>>> compressToByteArray ;
>>>>>>>>>>>>>                           value: Sensor mousePoint x asString ;
>>>>>>>>>>>>>                           value: Sensor mousePoint y asString ;
>>>>>>>>>>>>>                           value: Time millisecondClockValue
>>>>>>>>>>>>> asByteArray ;
>>>>>>>>>>>>>                           value: Date today asString ;
>>>>>>>>>>>>>                           value: Time now asString ;
>>>>>>>>>>>>>                           value: Display extent asString.
>>>>>>>>>>>>>                   100 timesRepeat: [ aBlock value: UUID new ].
>>>>>>>>>>>>>                   #(vmVersion platformName primVmPath
>>>>>>>>>>>>> imageName
>>>>>>>>>
>>>>>>>>> platformSubtype
>>>>>>>>>>>>>
>>>>>>>>>>>>> datedVersion lastQuitLogPosition vmStatisticsReportString
>>>>>>>>>>>>> imageName)
>>>>>>>>>>>>> collect:
>>>>>>>>>>>>>                           [ : each |
>>>>>>>>>>>>>                           aBlock value: (SmalltalkImage
>>>>>>>>>>>>> current
>>>>>>>>>>>>> perform: each)
>>>>>>>>>
>>>>>>>>> asByteArray
>>>>>>>>>>>>>
>>>>>>>>>>>>> ] ].
>>>>>>>>>>>>>           aBlock
>>>>>>>>>>>>>                   value: time asByteArray;
>>>>>>>>>>>>>                   "maybe the pointer has moved, hit it again."
>>>>>>>>>>>>>                   value: Sensor mousePoint asString ;
>>>>>>>>>>>>>                   value: Time millisecondClockValue
>>>>>>>>>>>>> asByteArray
>>>>>>>>>>>>>
>>>>>>>>>>>>> ---
>>>>>>>>>>>>> Pharo port:
>>>>>>>>>>>>> unpredictableStringsDo: aBlock
>>>>>>>>>>>>>           "Enumerate sources of information from my
>>>>>>>>>>>>> environment that
>>>>>>>>>
>>>>>>>>> should
>>>>>>>>>>>>>
>>>>>>>>>>>>> be generally hard to guess."
>>>>>>>>>>>>>
>>>>>>>>>>>>>           | time |
>>>>>>>>>>>>>           time := Time millisecondsToRun:
>>>>>>>>>>>>>                   [ aBlock
>>>>>>>>>>>>>                           value: Time millisecondClockValue
>>>>>>>>>>>>> asByteArray ;
>>>>>>>>>>>>>                           value: Date today asString ;
>>>>>>>>>>>>>                           value: Time now asString.
>>>>>>>>>>>>>                   100 timesRepeat: [ aBlock value: UUID new ].
>>>>>>>>>>>>>                   #(version primImagePath imagePath
>>>>>>>>>>>>> datedVersion
>>>>>>>>>>>>> lastQuitLogPosition)
>>>>>>>>>>>>> collect:
>>>>>>>>>>>>>                           [ : each |
>>>>>>>>>>>>>                           aBlock value: (SmalltalkImage
>>>>>>>>>>>>> current
>>>>>>>>>>>>> perform: each)
>>>>>>>>>
>>>>>>>>> asByteArray
>>>>>>>>>>>>>
>>>>>>>>>>>>> ] ].
>>>>>>>>>>>>>           aBlock
>>>>>>>>>>>>>                   value: time asByteArray;
>>>>>>>>>>>>>                   value: Time millisecondClockValue
>>>>>>>>>>>>> asByteArray
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> On 10/18/2015 04:23 AM, Robert Withers wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> This is a message intended for anyone who was on the
>>>>>>>>>>>>>> Cryptography
>>>>>>>>>
>>>>>>>>> team.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> I recently ported it to Pharo and had to make changes to
>>>>>>>>>>>>>
>>>>>>>>>>>>> RandomGenerator
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> class>>unpredictableStringsDo:. This certainly removed some
>>>>>>>>>>>>>> class>>uncertainty
>>>>>>>>>>>>>> from the results of this message. My question is what
>>>>>>>>>>>>>> should I do about that? This method seems to require
>>>>>>>>>>>>>> non-headless, as it is checking the mouse point and such.
>>>>>>>>>>>>>> This being a crypto cornerstone, what the best answer here.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Thank you,
>>>>>>>>>>>>>> Robert
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>> -----------------------------------------------------------
>>>>>>>>>> Louis LaBrunda
>>>>>>>>>> Keystone Software Corp.
>>>>>>>>>> SkypeMe callto://PhotonDemon
>>>>>>>>>> mailto:[hidden email] http://www.Keystone-
>>>>>> Software.com
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>
>>>>>
>>>
>>>
>
>
>

Reply | Threaded
Open this post in threaded view
|

[Pharo-dev] [Cryptography port to Pharo] RandomGenerator class>>unpredictableStringsDo:

Louis LaBrunda
In reply to this post by timrowledge
Hi Tim,

On Mon, 19 Oct 2015 10:02:25 -0700, tim Rowledge <[hidden email]> wrote:

>
>> On 19-10-2015, at 5:58 AM, Louis LaBrunda <[hidden email]> wrote:
>>
>> I think most CPUs support "Digital
>> Thermal Sensor" (I'm not sure about ARM).
>
>ARM *is* most cpus. I think we long ago passed the point where more than 50% of all >32bit cpus were ARM.

You are of course right.  Possibly when I first read about "Digital Thermal
Sensor", things may have been different.  But I'm sure everyone knew what I
meant.

>Typically the temperature of each core is monitored by stuff added around the ARM cores in an SoC, not the ARM itself. For example on a Pi, `vcgencmd measure_temp` works, though strictly speaking that measures the general temp of the SoC - which like many devices that are ARM powered is a large thing to do stuff and just happens to have a few Gips of processor hidden in a small corner.

>tim

Exactly what temperature is being measured probably doesn't matter as long
as there is enough range to help add some entropy.

Lou
-----------------------------------------------------------
Louis LaBrunda
Keystone Software Corp.
SkypeMe callto://PhotonDemon
mailto:[hidden email] http://www.Keystone-Software.com


Reply | Threaded
Open this post in threaded view
|

RE: [Pharo-dev] [squeak-dev] [Cryptography port to Pharo] RandomGenerator class>>unpredictableStringsDo:

David T. Lewis
In reply to this post by Ron Teitelbaum
> Hi Chris,
>
> The exemption is not for the location of the server but the URL where it
> is hosted.  I'm happy to help in any way I can but I don't have access to
> the Pharo Repos.  I have no issue with having Pharo packages on
> SqueakSource if that is what everyone agrees too.  We have multiple
> packages hosted there.  It's ok with me if we host some pharo code there
> too.
>
> All the best,
>
> Ron
>

The squeaksource.com service is open to everyone. Many people in the Pharo
community make use of it, and should feel welcome to do so.

Dave


12