New Members

_______________________________________________
Cryptography mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

Ron,

===============================
New Team Members,

I see we have a few new members.  If you feel so inclined please
introduce
yourself and let the team know what areas you are interested in.  This
team
is small so we try to encourage as much participation as possible.

Welcome,
===============================

My interest in Squeak can be summarized in a few words: open, portable,
Smalltalk.  I have long believed that I will eventually need to leave
Windows, and want an escape valve (which must of course involve
Smalltalk); for now, I am not in a hurry.  Having time on my side,
Squeak might be worth some work and some waiting.

So what is missing from or wrong with Squeak?  Good access to SSL is
critical to many uses I envision, and this group will hopefully fill
that void.  I also have some reservations about the user interface, and
suspect that you (Ron) will share at least some of them due to your
focus on medical software.  It would be nice to see some
cleanup/consistency in socket streams.  I am also convinced that Dolphin
and VW are correct to signal errors on stream exhaustion, and would like
to see Squeak do the same.  A fix for underscore snags would be helpful
(more below).  I realize that the focus here is on cryptography, and
moving that forward would be worth the price of admission; it would be
better still to find some like-minded Squeakers who can push for some
other changes that IMHO would be very good for Squeak.

Re Squeak's GUI, the look of the interface is not a big deal to me, nor
are native widgets, but the current feel is a problem.  Clerks enter
data that can be _very_ valuable, and they type; lists grabbing focus on
mouse-over would be complete deal-breaker.  Tabbing between fields is
essential for them to accept software.  Modal dialogs are essential to
keep the majority of my users out of trouble.  Fixing the problems is
not necessarily very difficult; my concern is that once I fix them, I am
on my own unless the required changes are accepted into the base GUI, if
only as options.

Re underscores, the main reason I care about them is interfacing with
relational databases.  I am not a big user of RDBs.  However, when the
goal is to find Robert Smith among hundreds of thousands or more of his
peers, an RDB is the tool of choice.  Field names tend to contain
underscores, and field names become natural choices for selectors in
proxies (if only via DNU).  The recent unicode changes have at least
gotten rid of the errant back arrows in file names, etc.  That's
progress, but I keep hoping for more.

Back to cryptography, (FWIW) I would prioritize OpenSSL over Microsoft
libraries.  Things implemented in Squeak would be nice too, but I have
had good experience with OpenSSL.  My hunch (I could be wrong) is that
C/C++ binaries are preferred for cryptographic number crunching, at
least for the grunt work of processing incoming and outgoing data
streams.  For the occasional public key operation, Smalltalk's ability
to handle large integers is hard to ignore, and performed reasonably
(even surprisingly) well the last time I gave it a try.

Bill



Wilhelm K. Schwab, Ph.D.
University of Florida
Department of Anesthesiology
PO Box 100254
Gainesville, FL 32610-0254

Email: [hidden email]
Tel: (352) 846-1285
FAX: (352) 392-7029

_______________________________________________
Cryptography mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

Hi Bill,

It's nice to talk to you again.

See comments inserted.

==================================
I agree there is much to be done.  I've been working with interfaces.  I'm
working with wxWidgets (wxSqueak) which I think is very nice.  I'm also
looking at strongtalk but obviously that's further out.  What I think I like
the most right now is Seaside.  I'm seriously considering using web browsers
for everything.  

Also I'm not having the same problems with sockets.  What problems are you
having?  Protocol size headers Tag Size Value works pretty well to allow you
to handle socket issues.
==================================

===============================================
I agree with this and I really need to spend some time on this.  When Rob
and I were working on SSL we had problems with underscores.  What's odd is
that I've been using underscores frequently and have had no problems at all
with 3.9.  At some point I need to figure out why it works for me and fails
for others.
===============================================

>
> Back to cryptography, (FWIW) I would prioritize OpenSSL over Microsoft
> libraries.  Things implemented in Squeak would be nice too, but I have
> had good experience with OpenSSL.  My hunch (I could be wrong) is that
> C/C++ binaries are preferred for cryptographic number crunching, at
> least for the grunt work of processing incoming and outgoing data
> streams.  For the occasional public key operation, Smalltalk's ability
> to handle large integers is hard to ignore, and performed reasonably
> (even surprisingly) well the last time I gave it a try.

===============================================
Here are my thoughts on the issue.  I would like to support OpenSSL but
there have been some concerns raised about how to secure the interface
between squeak and the openSSL libs.  Also it was much more an attractive
proposition when OpenSSL was FIPS certified.  The fact that Microsoft's
CryptoAPI is FIPS certified makes it an attractive option.  It has been
mentioned here that if we follow the common criteria that the benefit to
FIPS certification diminishes some.  I would really like to focus on
standard tests for native squeak cryptography.  The problem is I don't have
much time right now to do it myself.  We need help!

As for my own projects, we just filed our patents.  We are looking for
funding, and I expect that our products are at least a year out.  Hopefully
once we have a working prototype you will consider helping us with
Anesthesiology Medical Records.  Nice to hear from you Bill!

Ron Teitelbaum
================================================

_______________________________________________
Cryptography mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

On 10/3/06, Ron Teitelbaum <[hidden email]> wrote:

> I see we have a few new members.  If you feel so inclined please introduce
> yourself and let the team know what areas you are interested in.  This team
> is small so we try to encourage as much participation as possible.

Hi Ron,

First, thanks to you and the other members of the Cryptography team.

I'm interested in the pure Smalltalk solution first, just because I
think it's the path of least resistance.  Maybe I'm wrong.  :)  I
found a load order in another cryptography list message, downloaded
the latest version of everything from SqueakSource, and started
loading them from a FileList.

Cryptography-Core-rww.17.mcz
    leaves CryptographyError in Undeclared
Cryptography-SHA1-rww.8.mcz
Cryptography-MD5-cmm.2.mcz
Cryptography-DES-hmm.3.mcz
    leaves interpreterProxy in Undeclared
Cryptography-SHA256-RJT.5.mczCryptographyBase-hmm.18.mcz
    defines CrytographyError
Cryptography-ElGamal-cmm.3.mcz
Cryptography-RSA-rww.5.mcz
Cryptography-Rijndael-RJT.7.mcz
Cryptography-ASN1-RJT.17.mcz
Cryptography-RC4-rww.3.mcz
Cryptography-DSA-rww.3.mcz
Cryptography-X509-rww.21.mcz
Cryptography-SSL-rww.93.mcz

SSLCipherSuite subclass: #TLSNothing more expected
->_DHE_DSS_WITH_3DES_EDE_CBC_SHA
    instanceVariableNames: ''
    classVariableNames: ''
    poolDictionaries: ''

Probably the underscores.  :)  I was using an untouched 3.9g-7061 on
Mac OS X when I saw this.  Should I use another image?  Change some
preferences?  File something else in first?  Read every bit of the
cryptography list archives?  Load in some other way?

Load in some other way.  I restarted the same image and installed
Cryptography 0.3 from SqueakMap.  No underscore problem but it still
leaves #interpreterProxy in Undeclared.  Selected Cryptography-ASN1
and Cryptography-Tests in the Test Runner.  Errors.  Loaded...

    Cryptography-DES-hmm.3.mcz

...and all but 2 of 23 passed, an assertion failure in
CryptoTest>>testDSASigningAndVerifying and an error,
MessageNotUnderstood (#unsignedLongAt:bigEndian) in the send chain
that starts with encryptBlock: in CryptoTest>>testDES2.

I'll be happy to provide more information if you want, load other
versions of whatever, or perform other experiments, time permitting of
course.

Keep up the good work,
Steve


--
How wonderful it is that nobody need wait a single moment
before starting to improve the world.       -- Anne Frank
Paradise is exactly where you are
right now...only much, much better.    -- Laurie Anderson
_______________________________________________
Cryptography mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

Steven Elkins schrieb:
>
> ...and all but 2 of 23 passed, an assertion failure in
> CryptoTest>>testDSASigningAndVerifying and an error,
> MessageNotUnderstood (#unsignedLongAt:bigEndian) in the send chain
> that starts with encryptBlock: in CryptoTest>>testDES2.
The second should go away if you load the newer version of the
CryptographyBase package.
I put a compatibility method there (allowing 32-bit unsigned int access
on ByteStrings) which makes encryption and decryption using the
non-primitive DES easier.

Cheers,
Hans-Martin
_______________________________________________
Cryptography mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

On 10/4/06, Hans-Martin Mosner <[hidden email]> wrote:
> Steven Elkins schrieb:
> >
> > ...and all but 2 of 23 passed, an assertion failure in
> > CryptoTest>>testDSASigningAndVerifying and an error,
> > MessageNotUnderstood (#unsignedLongAt:bigEndian) in the send chain
> > that starts with encryptBlock: in CryptoTest>>testDES2.
> The second should go away if you load the newer version of the
> CryptographyBase package.

The second did go away after I loaded the hmm-18 version.

Thanks,
Steve

--
How wonderful it is that nobody need wait a single moment
before starting to improve the world.       -- Anne Frank
Paradise is exactly where you are
right now...only much, much better.    -- Laurie Anderson
_______________________________________________
Cryptography mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

It sounded like Steven is talking about testing the SqueakMap version  
of the Crypto library, not our Monticello based library.  In the  
Monticello working library, I fixed the first one from chopping off  
several bytes from the beginning of each signature parameter.  
Loading the latest DSA should fix it.  We do have multiple errors,  
most of which looked to be due to trying to use Rijndael with an  
incorrect key size.  I know little about it.

Robert

On Oct 4, 2006, at 12:49 PM, Hans-Martin Mosner wrote:

_______________________________________________
Cryptography mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

Hi Steven,

On Oct 4, 2006, at 12:38 PM, Steven Elkins wrote:

> I'm interested in the pure Smalltalk solution first, just because I
> think it's the path of least resistance.  Maybe I'm wrong.  :)

I like this too, but for cross-platform reasons.  No special code for  
each platform or code that works on just a single platform.

> I
> found a load order in another cryptography list message, downloaded
> the latest version of everything from SqueakSource, and started
> loading them from a FileList.

This is the right thing to do.

CryptographyError should be moved to Cryptography-Core and  
CryptographyBase should be renamed to Cryptography-Random.

>
> SSLCipherSuite subclass: #TLSNothing more expected
> ->_DHE_DSS_WITH_3DES_EDE_CBC_SHA
>    instanceVariableNames: ''
>    classVariableNames: ''
>    poolDictionaries: ''

I'll try to reproduce this, but it shouldn't be happening.  All in  
all, you shouldn't worry much about Undeclared, since it is just a  
class that references another class, before that class is defined.  I  
see lot's of them when I load SSL, for instance.

The interpreterProxy issue will no get resolved.  There is a  
DESPlugin class that subclasses from InterpreterPlugin, which is not  
in the image.  No worries, since we don't use the DESPlugin an  
probably ought to remove it.

>
> Probably the underscores.  :)  I was using an untouched 3.9g-7061 on
> Mac OS X when I saw this.  Should I use another image?  Change some
> preferences?  File something else in first?  Read every bit of the
> cryptography list archives?  Load in some other way?

No to all the above.   You were doing it right.


> Load in some other way.  I restarted the same image and installed
> Cryptography 0.3 from SqueakMap.

This is the original lib, that started the Monticello Cryptography  
lib.   All this new stuff going on is in the Monticello lib.

Load the latest DSA package to address the first but we have other  
errors with Rijndael.  I'll work at them.

cheers,
Robert
_______________________________________________
Cryptography mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

On 10/4/06, Robert Withers <[hidden email]> wrote:

> > SSLCipherSuite subclass: #TLSNothing more expected
> > ->_DHE_DSS_WITH_3DES_EDE_CBC_SHA
> >    instanceVariableNames: ''
> >    classVariableNames: ''
> >    poolDictionaries: ''
>
> I'll try to reproduce this, but it shouldn't be happening.

Sure, please let me know if I should provide more information.

> All in
> all, you shouldn't worry much about Undeclared, since it is just a
> class that references another class, before that class is defined.  I
> see lot's of them when I load SSL, for instance.

Oh, they don't bother me, I was just trying to be informative.

> > ...and all but 2 of 23 passed, an assertion failure in
> > CryptoTest>>testDSASigningAndVerifying and an error,
> > MessageNotUnderstood (#unsignedLongAt:bigEndian) in the send chain
> > that starts with encryptBlock: in CryptoTest>>testDES2.
> >
>
> Load the latest DSA package to address the first but we have other
> errors with Rijndael.  I'll work at them.

All 23 pass after loading the latest Base (following Hans-Martin's
instructions) and the latest DSA (following yours).

Thanks,
Steve
_______________________________________________
Cryptography mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

On Oct 4, 2006, at 6:24 PM, Steven Elkins wrote:

Yes, could you?  I am not seeing it occur when I load SSL.

thanks,
Robert
_______________________________________________
Cryptography mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

On 10/4/06, Robert Withers <[hidden email]> wrote:
Sorry, you'll have to tell me what information you'd like me to
provide.  I just ran through it again and saw the same thing.

1.  Open a fresh 3.9g-7061 image.
2.  Resize the window for my little iBook.
3.  Open a FileList and load these packages in this order.

Cryptography-Core-rww.17.mcz
Cryptography-SHA1-rww.8.mcz
Cryptography-MD5-cmm.2.mcz
Cryptography-DES-hmm.3.mcz
Cryptography-SHA256-RJT.5.mcz
CryptographyBase-hmm.18.mcz
Cryptography-ElGamal-cmm.3.mcz
Cryptography-RSA-rww.5.mcz
Cryptography-Rijndael-RJT.7.mcz
Cryptography-ASN1-RJT.17.mcz
Cryptography-RC4-rww.3.mcz
Cryptography-DSA-rww.3.mcz
Cryptography-X509-rww.21.mcz
Cryptography-SSL-rww.93.mcz

SSLCipherSuite subclass: #TLSNothing more expected
->_DHE_DSS_WITH_3DES_EDE_CBC_SHA
   instanceVariableNames: ''
   classVariableNames: ''
   poolDictionaries: ''

I suppose I can try it on other platforms and/or assemble an image
through X509 and put it somewhere.  Or answer whatever questions you
have.  I can't spend more time on it now but I'm glad to do so later.

Are you starting from the same image, using the same compiler?

Am I the only person seeing this?

Thanks,
Steve
_______________________________________________
Cryptography mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

On Oct 4, 2006, at 7:44 PM, Steven Elkins wrote:

Very strange indeed.

>
> 1.  Open a fresh 3.9g-7061 image.

yes, completely fresh.

> 2.  Resize the window for my little iBook.

Powerbook here.

> 3.  Open a FileList and load these packages in this order.

Load in the same order

>
> SSLCipherSuite subclass: #TLSNothing more expected
> ->_DHE_DSS_WITH_3DES_EDE_CBC_SHA
>   instanceVariableNames: ''
>   classVariableNames: ''
>   poolDictionaries: ''

I don't see this at all.  Is it printing to your Transcript?  I  
defined these by quoting the class  name and it seemed to be working  
on reload, thus:

SSLCipherSuite subclass: #'TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA'
        instanceVariableNames: ''
        classVariableNames: ''
        poolDictionaries: ''

I suppose the most important question is does this prevent SSL from  
working for you?  If you get the green button form opened up...and  
then can open the SSL Workspace, you could try to load one of the  
https webpages.

>
> I suppose I can try it on other platforms and/or assemble an image
> through X509 and put it somewhere.  Or answer whatever questions you
> have.  I can't spend more time on it now but I'm glad to do so later.

When you have the time.  Thanks for you help.

>
> Are you starting from the same image, using the same compiler?

Yep.

>
> Am I the only person seeing this?

That's a great question.

Cheers,
Robert


_______________________________________________
Cryptography mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

On 10/4/06, Robert Withers <[hidden email]> wrote:
No, they're little instances of SystemWindow with 'Syntax Error'
titles.  The progress bar stops.

No, the code doesn't load.

> > I suppose I can try it on other platforms and/or assemble an image
> > through X509 and put it somewhere.  Or answer whatever questions you
> > have.  I can't spend more time on it now but I'm glad to do so later.
>
> When you have the time.  Thanks for you help.

Well, I couldn't stop pounding my head against this wall.  I had
another idea after you mentioned quoting the symbol.  So...

1.  I extracted the snapshot/source.st file.

2.  I changed the class definition to quote the symbol.

3.  Filed it in and made it past the class definition.

4.  Bombed on the next expression (definition of hexCode on the class side).

!TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA class methodsFor: 'constants' stamp: ''!

TLS_DHE_DSS_WITH_3DESNothing more expected ->_EDE_CBC_SHA class
methodsFor: 'constants' stamp: ''

5.  Changed it to...

!(Smalltalk at: #'TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA') class
methodsFor: 'constants' stamp: ''!

6.  Made it past the definition of hexCode, i.e., it's in the image.
Bombed on the next one, an instance method named bulkCipherAlgorithm.

TLS_DHE_DSS_WITH_3DESNothing more expected ->_EDE_CBC_SHA methodsFor:
'accessing' stamp: ''

I'm stopping for tonight, no kidding.  :)  Funny it doesn't point to
exactly the same place as it does with the class definition.

> > Are you starting from the same image, using the same compiler?
>
> Yep.

I'll revisit the freshness of my image (later).  Yours seems to handle
underscores in class names much better than mine.  I see many
subclasses of SSLCipherSuite with names including underscores.

> > Am I the only person seeing this?
>
> That's a great question.

I have a vague memory of Ron Teitelbaum mentioning it but so far I've
failed to find it.

Thanks,
Steve
_______________________________________________
Cryptography mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography