Hello everyone!

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Hello everyone!

Joshua Gargus-2
Hi crypto-squeakers,

I just signed up for the list, and I come with a friendship-offering  
of code!

Before we get to the goodies, a few words about myself...

I've been a Squeaker since '98 or so, and have always found  
cryptography fascinating.  Like everyone, I don't have the time to  
engage in everything that I find interesting.  Lucky for me, my job  
now gives me a reason to use and contribute the Squeak crypto  
codebase.  I probably won't tackle broad framework issues (it looks  
like everyone is doing a fine job, anyway), but I expect to at least  
provide primitive implementations for a cipher or two.

The task at hand is to implement a custom audio- and video-
conferencing framework, and it needs to be secure.  It doesn't need  
to follow standards such as SRTP (thank goodness, given the  
timeline), but it does need to perform well.  Therefore, it needs to  
be implemented over UDP.  I intend to implement a transport layer  
similar to DTLS (google rfc4347).  Since this requires a cipher that  
can efficiently reset its state from an initialization vector (thus  
ruling out RC4, which we have been using for other purposes), I'll  
probably want to use Rijndael.

Now for the goodies.  I have two .mcz files that I'm attaching; I  
trust that they're small enough to not inconvenience anyone on dial-up:

Cryptography-Core.jcg.18
        - some speed improvements
        - a simple framework for using insecure ciphers, but not accidentally



Cryptography-Insecure
        - a couple of trivial, insecure block ciphers for use in testing




I don't fancy always sending .mcz files to the list... how does one  
get commit access to the repository?  Or should I (for now) just  
send .mcz files privately to a team member who does have commit access?

Thanks for all the work that everyone has done, it looks great!

Cheers,
Josh
_______________________________________________
Cryptography mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

Cryptography-Core-jcg.18.mcz.zip (29K) Download Attachment
Cryptography-Insecure-jcg.1.mcz (2K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

RE: Hello everyone!

Ron Teitelbaum
Hi Joshua!

Welcome to the team!  What are you squeaksource initials and I'll add you to
the repository.  It's great to have you here.  Thanks for your changes I'll
have a look at post them next week.

Your projects sound really cool; if there is something that we can do to
help please let us know.

We are working towards getting the crypto primitives built into the base VM.
Krishna is looking at SHA256 primitive, any chance you would work with him
on it?

We are also working on CC validation, an ASN.1 framework, a Microsoft
CryptoAPI interface, OpenPGP, support for OpenSSL, and I'd like to integrate
some software for libCURL.  

Have you looked at Cees UDP Tric framework yet?  I'm not sure if it will
help but it might be worth your time to check it out.

Again it's great to have you here, welcome!

Ron Teitelbaum
Squeak Cryptography Team Leader

> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]] On Behalf Of
> Joshua Gargus
> Sent: Friday, November 24, 2006 5:43 PM
> To: [hidden email]
> Subject: [Cryptography Team] Hello everyone!
>
> Hi crypto-squeakers,
>
> I just signed up for the list, and I come with a friendship-offering
> of code!
>
> Before we get to the goodies, a few words about myself...
>
> I've been a Squeaker since '98 or so, and have always found
> cryptography fascinating.  Like everyone, I don't have the time to
> engage in everything that I find interesting.  Lucky for me, my job
> now gives me a reason to use and contribute the Squeak crypto
> codebase.  I probably won't tackle broad framework issues (it looks
> like everyone is doing a fine job, anyway), but I expect to at least
> provide primitive implementations for a cipher or two.
>
> The task at hand is to implement a custom audio- and video-
> conferencing framework, and it needs to be secure.  It doesn't need
> to follow standards such as SRTP (thank goodness, given the
> timeline), but it does need to perform well.  Therefore, it needs to
> be implemented over UDP.  I intend to implement a transport layer
> similar to DTLS (google rfc4347).  Since this requires a cipher that
> can efficiently reset its state from an initialization vector (thus
> ruling out RC4, which we have been using for other purposes), I'll
> probably want to use Rijndael.
>
> Now for the goodies.  I have two .mcz files that I'm attaching; I
> trust that they're small enough to not inconvenience anyone on dial-up:
>
> Cryptography-Core.jcg.18
> - some speed improvements
> - a simple framework for using insecure ciphers, but not
> accidentally


_______________________________________________
Cryptography mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
Reply | Threaded
Open this post in threaded view
|

Re: Hello everyone!

Joshua Gargus-2

On Nov 24, 2006, at 3:05 PM, Ron Teitelbaum wrote:

> Hi Joshua!
>
> Welcome to the team!  What are you squeaksource initials and I'll  
> add you to
> the repository.

'jcg'

> It's great to have you here.  Thanks for your changes I'll
> have a look at post them next week.

Thanks.

>
> Your projects sound really cool; if there is something that we can  
> do to
> help please let us know.

And thanks again.

>
> We are working towards getting the crypto primitives built into the  
> base VM.
> Krishna is looking at SHA256 primitive, any chance you would work  
> with him
> on it?

I can't promise anything more than discussion before the end of the  
year, but I'll be happy to talk to him.  From a quick profile, it is  
clear that speeding up ThirtyTwoBitRegister would make a huge  
difference. The methods
        - bitShift
        - leftRotateBy:
        - +=
        - bitXor:
        - bitAnd:
        - bitOr:
        - bitInvert
account for about 80% of the computation time.  Another 14% (outside  
of the previous 80%) is creating and loading ThirtyTwoBitRegisters.

I see that ThirtyTwoBitRegisters are also used in Rijndael, but I  
haven't profiled it to see if they are the current bottleneck on  
performance.

>
> We are also working on CC validation, an ASN.1 framework, a Microsoft
> CryptoAPI interface, OpenPGP, support for OpenSSL, and I'd like to  
> integrate
> some software for libCURL.
>
> Have you looked at Cees UDP Tric framework yet?  I'm not sure if it  
> will
> help but it might be worth your time to check it out.

Yes, I've had a look at it.  Rob's SSL protocol stack is also  
interesting.  I'm not sure if I'll be able to reuse code directly,  
but they're both useful.

Best,
Josh


>
> Again it's great to have you here, welcome!
>
> Ron Teitelbaum
> Squeak Cryptography Team Leader
>
>> -----Original Message-----
>> From: [hidden email]
>> [mailto:[hidden email]] On Behalf Of
>> Joshua Gargus
>> Sent: Friday, November 24, 2006 5:43 PM
>> To: [hidden email]
>> Subject: [Cryptography Team] Hello everyone!
>>
>> Hi crypto-squeakers,
>>
>> I just signed up for the list, and I come with a friendship-offering
>> of code!
>>
>> Before we get to the goodies, a few words about myself...
>>
>> I've been a Squeaker since '98 or so, and have always found
>> cryptography fascinating.  Like everyone, I don't have the time to
>> engage in everything that I find interesting.  Lucky for me, my job
>> now gives me a reason to use and contribute the Squeak crypto
>> codebase.  I probably won't tackle broad framework issues (it looks
>> like everyone is doing a fine job, anyway), but I expect to at least
>> provide primitive implementations for a cipher or two.
>>
>> The task at hand is to implement a custom audio- and video-
>> conferencing framework, and it needs to be secure.  It doesn't need
>> to follow standards such as SRTP (thank goodness, given the
>> timeline), but it does need to perform well.  Therefore, it needs to
>> be implemented over UDP.  I intend to implement a transport layer
>> similar to DTLS (google rfc4347).  Since this requires a cipher that
>> can efficiently reset its state from an initialization vector (thus
>> ruling out RC4, which we have been using for other purposes), I'll
>> probably want to use Rijndael.
>>
>> Now for the goodies.  I have two .mcz files that I'm attaching; I
>> trust that they're small enough to not inconvenience anyone on  
>> dial-up:
>>
>> Cryptography-Core.jcg.18
>> - some speed improvements
>> - a simple framework for using insecure ciphers, but not
>> accidentally
>
>
> _______________________________________________
> Cryptography mailing list
> [hidden email]
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/ 
> cryptography

_______________________________________________
Cryptography mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography