On 09/05/2011 06:02 AM,
[hidden email] wrote:
> Date: Sun, 4 Sep 2011 22:27:16 +0200
> From: Geoffroy Couprie<
[hidden email]>
> Subject: Re: [Pharo-users] Status of crypto libraries for Pharo?
> To: A friendly place where any question about pharo is welcome
> <
[hidden email]>
> Message-ID:
> <
[hidden email]>
> Content-Type: text/plain; charset=UTF-8
>
> IIRC, there's a Smalltalk AES implementation somewhere (I don't know
> if it's efficient though).
> MD5 and SHA1/SHA2 are there and rapid enough, but storing password
> hashes using these algorithms is a very bad practice. You should use
> key derivation functions like scrypt and bcrypt. There's no
> implementation of these in Smalltalk, so you should wrap their libs in
> a plugin.
I made something that accesses the standard crypt(3) and libxcrypt
libraries with FFI. I've only used it on linux. I have made a Gemstone
port. The package is named PasswordHashingFFI and is in the
Cryptography repository on squeaksource here:
http://www.squeaksource.com/CryptographyWith them you can do md5, DES, sha256, sha512, and bcrypt. The
Cryptography repository has native implementations of md5, DES, sha256,
sha512.
I don't know about the security implications of using FFI vs. native vs.
a plugin.