package structure

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

package structure

Chris Muller
I know we've talked about our package structure before
but..

As I work through this book, I have some fixes and
additions to our Crytography packages.  Here is a list
of things I plan to post in the coming days:

  - addition of entropic sources for seed material
  - addition of the CTR (counter) cipher mode
  - addition of the "Fortuna" random generator
  - fix for seriously broken MillerRabin algorithm
preventing generation of proper-sized asymmetric keys
(i.e., for Diffie-Hellman / ElGamal and maybe RSA
too).

For the first one "entropic sources for seed
material".  It individually hashes unpredictable
strings from the users environment such as:

  - current directory
  - Time millisecondClockValue
  - World imageForm bits compressToByteArray
  - SmalltalkImage current vmStatisticsReportString
  - Sensor mousePoint
  - etc., etc.

and then finally SHA256 hashes the concatentation of
all of those hashes.  Slow, but totally unpredictable.

I've started by implementing SecureRandom
class>>#entropicSourcesDo: which is used by
SecureRandom class>>#randomSeed.  But SecureRandom is
in the "CryptographyBase" package, so I can't use SHA1
and SHA256.

It seems to me that many crypto primitives are built
from other ones.  Wouldn't it be easier to have
everything back in one package?  What are we trying to
accomplish here by having them all in separate
packages?

How should I proceed?

Thanks,
  Chris
_______________________________________________
Cryptography mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
Reply | Threaded
Open this post in threaded view
|

RE: package structure

Ron Teitelbaum
Chris,

The reason for the separate packages is to make it easier for people to find
and load what they need.  If I only need a cipher then I shouldn't have to
load all the packages.  

If I understand correctly SecureRandom relies on external packages, so
either the external packages become part of base, or SecureRandom needs to
come out of base, and should have SHA1 and SHA256 as a prerequisite.  (I'm
not sure how to define prerequisites in MC maybe Cees or someone can help
there).

I would vote for pulling SecureRandom out of base.    I believe there are
benefits to having multiple packages. I wouldn't want to see that removed,
if anything having separate packages, having to stop and decipher what the
package names mean, as a first place to start understanding cryptography is
useful in itself. What does everyone else think?

Ron Teitelbaum

> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]] On Behalf Of
> Chris Muller
> Sent: Monday, February 13, 2006 4:10 PM
> To: [hidden email]
> Subject: [Cryptography Team] package structure
>
> I know we've talked about our package structure before
> but..
>
> As I work through this book, I have some fixes and
> additions to our Crytography packages.  Here is a list
> of things I plan to post in the coming days:
>
>   - addition of entropic sources for seed material
>   - addition of the CTR (counter) cipher mode
>   - addition of the "Fortuna" random generator
>   - fix for seriously broken MillerRabin algorithm
> preventing generation of proper-sized asymmetric keys
> (i.e., for Diffie-Hellman / ElGamal and maybe RSA
> too).
>
> For the first one "entropic sources for seed
> material".  It individually hashes unpredictable
> strings from the users environment such as:
>
>   - current directory
>   - Time millisecondClockValue
>   - World imageForm bits compressToByteArray
>   - SmalltalkImage current vmStatisticsReportString
>   - Sensor mousePoint
>   - etc., etc.
>
> and then finally SHA256 hashes the concatentation of
> all of those hashes.  Slow, but totally unpredictable.
>
> I've started by implementing SecureRandom
> class>>#entropicSourcesDo: which is used by
> SecureRandom class>>#randomSeed.  But SecureRandom is
> in the "CryptographyBase" package, so I can't use SHA1
> and SHA256.
>
> It seems to me that many crypto primitives are built
> from other ones.  Wouldn't it be easier to have
> everything back in one package?  What are we trying to
> accomplish here by having them all in separate
> packages?
>
> How should I proceed?
>
> Thanks,
>   Chris
> _______________________________________________
> Cryptography mailing list
> [hidden email]
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

_______________________________________________
Cryptography mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
Reply | Threaded
Open this post in threaded view
|

Re: package structure

Luciano Notarfrancesco
In reply to this post by Chris Muller
Hi Chris and all,
I think I agree with Ron, perhaps we should take SecureRandom (and
RandomPool) out of the base. About collecting randomness, do you think
we need SecureRandom class>>#entropicSourcesDo:? Shouldn't we use a
RandomPool?

Luciano


On 2/13/06, Chris Muller <[hidden email]> wrote:

> I know we've talked about our package structure before
> but..
>
> As I work through this book, I have some fixes and
> additions to our Crytography packages.  Here is a list
> of things I plan to post in the coming days:
>
>   - addition of entropic sources for seed material
>   - addition of the CTR (counter) cipher mode
>   - addition of the "Fortuna" random generator
>   - fix for seriously broken MillerRabin algorithm
> preventing generation of proper-sized asymmetric keys
> (i.e., for Diffie-Hellman / ElGamal and maybe RSA
> too).
>
> For the first one "entropic sources for seed
> material".  It individually hashes unpredictable
> strings from the users environment such as:
>
>   - current directory
>   - Time millisecondClockValue
>   - World imageForm bits compressToByteArray
>   - SmalltalkImage current vmStatisticsReportString
>   - Sensor mousePoint
>   - etc., etc.
>
> and then finally SHA256 hashes the concatentation of
> all of those hashes.  Slow, but totally unpredictable.
>
> I've started by implementing SecureRandom
> class>>#entropicSourcesDo: which is used by
> SecureRandom class>>#randomSeed.  But SecureRandom is
> in the "CryptographyBase" package, so I can't use SHA1
> and SHA256.
>
> It seems to me that many crypto primitives are built
> from other ones.  Wouldn't it be easier to have
> everything back in one package?  What are we trying to
> accomplish here by having them all in separate
> packages?
>
> How should I proceed?
>
> Thanks,
>   Chris
_______________________________________________
Cryptography mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography