Nabble - Squeak - Cryptography

Monticello Crypto packages with 3.10.2

2008-08-02T12:11:05Z

Won't load and I don't know enough to figure out why quite yet. Ideas?

-- C
_______________________________________________
Cryptography mailing list
Cryptography@...
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

FW: [squeak-dev] DigitalSignatureAlgorithm cosmetic refactoring

2008-07-11T07:54:14Z

Hi All,

Does anyone have any issues with Nicolas' comments? On the surface his
points look valid. I have not researched best practices for these
algorithms so I am weary to want to change them, unless they fix a
significant bug or performance problem.

But they are very nice examples of some very nice bit twiddling.

Thoughts?

Ron

-----Original Message-----
From: squeak-dev-bounces@...
[mailto:squeak-dev-bounces@...] On Behalf Of nicolas
cellier
Sent: Thursday, July 10, 2008 10:56 PM
To: squeak-dev@...
Subject: [squeak-dev] DigitalSignatureAlgorithm cosmetic refactoring

Reading these classes, i see some possible cleaning:

ThirtyTwoBitRegister>>leftRotateBy: bits
[...]
bitCount _ bits \\ 32.
bitCount < 0 ifTrue: [bitCount _ bitCount + 32].

This second line is useless, bits \\ 32 will be positive
(not the case of (bits rem: 32) if bits negative).

=====> This is certainly true - Ron
--------------------------------------------------

This algorithm could avoid duplicating lowBit:

DigitalSignatureAlgorithm>>logOfLargestPowerOfTwoDividing:
aStrictlyPositiveInteger
^aStrictlyPositiveInteger lowBit - 1

======> By testing this I can see it is true, and a very beautiful
algorithm by the way. I can't see the proof. Out of curiosity why is this
true? - Ron
--------------------------------------------------

DigitalSignatureAlgorithm>>inverseOf: x mod: n
[...]
v _ x.
u _ n.
k _ 0.
[x even and: [n even and: [u > 0]]] whileTrue: [ "eliminate common
factors of two"
k _ k + 1.
u _ u bitShift: -1.
v _ v bitShift: -1].

This has not much sense.
Should be [u even and: [v even]] whileTrue: [...]

Or even better:
k := u lowBit min: v lowBit.
u := u >> k.
v := v >> k.

Or even better:
(u even and: [v even]) ifTrue: [self error: 'no inverse']
because a pair of integers {a. b} satisying
(2 * u) * a + ((2 * v) * b) = 1
will be hard to find...

(Algorithm uselessly repeat (n highBit * 2) bitShift: before obtaining
luckily this 'no inverse' result)

=======> Looking at this it makes sense. It looks similar to the
logofLargestPowerOfTwoDividing. Can you explain why this works. I see that
it is using the lowest common even position to shift the values.

I don't think that this was a lucky hit of a no inverse since it is the
result of the multiplication of two primes. Taken as a general algorithm
this would be true. You have to wonder if these techniques should not be
moved into a more general format and moved into an extension of Integer or
ThirtyTwoBitRegister instead of being hidden within DSA.

Thanks,

Ron Teitelbaum

Nicolas, would you consider taking over the Cryptography Team? There hasn't
been much progress here and we could use some new leadership.

_______________________________________________
Cryptography mailing list
Cryptography@...
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

RE: SSH Server in Squeak

2008-05-08T15:17:45Z

Hi Deech,

I don’t have time to look at it right now, but I may be able to look at it this weekend. From a look at your screen shot it looks like the Deffie Hellman key exchange didn’t work, the key is nil. Maybe you should try to use the ssh2 setting on putty? There may be some settings that limit which protocols it will support too, look for DH.

Please let me know if you solve the problem.

Good luck,

Ron

From: aditya siram [mailto:aditya.siram@...]
Sent: Thursday, May 08, 2008 5:37 PM
To: Ron@...; Cryptography Team Development List
Subject: Re: [Cryptography Team] SSH Server in Squeak

Hi Ron,

Thanks for taking the time. I loaded the Cryptography package from Squeaksource but there weren't any SSH classes. So I manually loaded the SSH-rww1 ... SSH-rrw-12 mcz's that were listed on the website.

I was then able to start the server with:

ssh := SSHServer new.

ssh startOnPort: 8085.

However when I try to connect to this port from putty I get the error shown in the screenshot.

Deech

On Thu, May 8, 2008 at 3:49 PM, Ron Teitelbaum <Ron@...> wrote:

Hi Deech,

Sorry I missed your email here too.

I believe that Rob did write an SSH server and/or client but I haven't had time to review it and use it yet. It's in the cryptograpy package available on SqueakSource. http://www.squeaksource.com/Cryptography.html

Let us know how it works for you.

Thanks,

Ron Teitelbaum

Squeak Cryptography Team Leader

From: cryptography-bounces@... [mailto:cryptography-bounces@...] On Behalf Of aditya siram
Sent: Thursday, May 08, 2008 9:06 AM
To: Cryptography@...
Subject: [Cryptography Team] SSH Server in Squeak

Hi all,
Is there an SSH server in Squeak. I posted to the Seaside mailing list and was pointed here.

Thanks ...
Deech

_______________________________________________
Cryptography mailing list
Cryptography@...
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

RE: SSH Server in Squeak

2008-05-08T13:49:44Z

Hi Deech,

Sorry I missed your email here too.

I believe that Rob did write an SSH server and/or client but I haven’t had time to review it and use it yet. It’s in the cryptograpy package available on SqueakSource. http://www.squeaksource.com/Cryptography.html

Let us know how it works for you.

Thanks,

Ron Teitelbaum

Squeak Cryptography Team Leader

Hi all,
Is there an SSH server in Squeak. I posted to the Seaside mailing list and was pointed here.

Thanks ...
Deech

_______________________________________________
Cryptography mailing list
Cryptography@...
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

SSH Server in Squeak

2008-05-08T06:06:21Z

Hi all,
Is there an SSH server in Squeak. I posted to the Seaside mailing list and was pointed here.

Thanks ...
Deech

_______________________________________________
Cryptography mailing list
Cryptography@...
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

RE: Plugin update

2008-03-18T05:02:29Z

Thank you for doing that!! That's terrific.

I'll merge them in.

Ron

> -----Original Message-----
> From: cryptography-bounces@...
> [mailto:cryptography-bounces@...] On Behalf Of
> Levente Uzonyi
> Sent: Friday, March 07, 2008 5:01 PM
> To: cryptography@...
> Subject: [Cryptography Team] Plugin update
>
> Hi!
>
> I've created an SHA-256 plugin (just for fun :), and updated the MD5.
> Both should work on little and big endian machines. The source package
> and precompiled modules for win32 are available here:
> http://leves.web.elte.hu/cryptography/
> The code is available under the MIT license.
>
> Cheers,
> Levente
>
> _______________________________________________
> Cryptography mailing list
> Cryptography@...
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

_______________________________________________
Cryptography mailing list
Cryptography@...
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

Plugin update

2008-03-07T14:00:49Z

Hi!

I've created an SHA-256 plugin (just for fun :), and updated the MD5.
Both should work on little and big endian machines. The source package
and precompiled modules for win32 are available here:
http://leves.web.elte.hu/cryptography/
The code is available under the MIT license.

Cheers,
Levente

_______________________________________________
Cryptography mailing list
Cryptography@...
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

RE: MD5 plugin

2008-03-04T17:49:26Z

Well thank you very much!!

Ron

> -----Original Message-----
> From: cryptography-bounces@...
> [mailto:cryptography-bounces@...] On Behalf Of
> leves@...
> Sent: Tuesday, March 04, 2008 7:59 PM
> To: Ron@...
> Cc: 'Cryptography Team Development List'
> Subject: RE: [Cryptography Team] MD5 plugin
>
> Hi Ron!
>
> Quoting Ron Teitelbaum <Ron@...>:
>
> > Hi Levente,
> >
> > This looks great! Thank you. What bug did you find?
> >
>
> For the empty string the result was '0123456789abcdeffedcba9876543210'
> instead of 'd41d8cd98f00b204e9800998ecf8427e' with the following code:
> (MD5 hashMessage: '') hex asLowercase.
>
> > You understand that by releasing this in the Cryptography repository
> that
> > you are releasing it using the MIT License?
> >
>
> Of course. :)
>
> > So when can you do SHA256? :)
> >
>
> As soon as I need a faster implementation for it. :)
>
>
> Levente
>
>
> _______________________________________________
> Cryptography mailing list
> Cryptography@...
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

_______________________________________________
Cryptography mailing list
Cryptography@...
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

RE: MD5 plugin

2008-03-04T16:59:04Z

Hi Ron!

Quoting Ron Teitelbaum <Ron@...>:

> Hi Levente,
>
> This looks great! Thank you. What bug did you find?
>

For the empty string the result was '0123456789abcdeffedcba9876543210'
instead of 'd41d8cd98f00b204e9800998ecf8427e' with the following code:
(MD5 hashMessage: '') hex asLowercase.

> You understand that by releasing this in the Cryptography repository that
> you are releasing it using the MIT License?
>

Of course. :)

> So when can you do SHA256? :)
>

As soon as I need a faster implementation for it. :)

Levente

_______________________________________________
Cryptography mailing list
Cryptography@...
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

RE: MD5 plugin

2008-03-04T16:08:35Z

Hi Levente,

This looks great! Thank you. What bug did you find?

You understand that by releasing this in the Cryptography repository that
you are releasing it using the MIT License?

So when can you do SHA256? :)

Ron Teitelbaum
Squeak Cryptography Team Leader

> -----Original Message-----
> From: cryptography-bounces@...
> [mailto:cryptography-bounces@...] On Behalf Of
> leves@...
> Sent: Tuesday, March 04, 2008 4:04 PM
> To: cryptography@...
> Subject: [Cryptography Team] MD5 plugin
>
> Hi!
>
> I've written a simple MD5 plugin and integrated it into the current
> cryptography package.
> The mcz file and a precompiled plugin for win32 is available here:
> http://leves.web.elte.hu/md5/
> The package also contains a bugfix for the MD5 hash function. Hope you
> like it.
>
> Cheers,
> Levente
>
> _______________________________________________
> Cryptography mailing list
> Cryptography@...
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

_______________________________________________
Cryptography mailing list
Cryptography@...
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

MD5 plugin

2008-03-04T13:04:21Z

Hi!

I've written a simple MD5 plugin and integrated it into the current
cryptography package.
The mcz file and a precompiled plugin for win32 is available here:
http://leves.web.elte.hu/md5/
The package also contains a bugfix for the MD5 hash function. Hope you
like it.

Cheers,
Levente

_______________________________________________
Cryptography mailing list
Cryptography@...
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

Luciano Notarfrancesco Signed the Agreement

2008-01-18T17:08:05Z

Hello all,

Good News! We just received the singed agreement from Luciano
Notarfrancesco.

Ron Teitelbaum

_______________________________________________
Cryptography mailing list
Cryptography@...
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

RE: Squeak license situation

2007-11-23T07:06:56Z

Hi All,

I just heard from Luciano. He is in China but has just printed out the
agreement, and said he going to figure out how to mail it now.

Ron Teitelbaum
Squeak Cryptography Team Leader

_______________________________________________
Cryptography mailing list
Cryptography@...
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

Give One. Get One. Now!!

2007-11-12T17:43:06Z

Hi All,

This is just a reminder that you can now help the OLPC project by purchasing
XO laptop's. You will give one to a child in the developing world and get
one for yourself. The Give One. Get One. program is only available for a
limited time so don't delay.

http://news.squeak.org/2007/11/13/give-one-get-one-now/

Or go directly to:

http://www.laptopgiving.org/en/index.php

Check out a cool review:

http://news.squeak.org/2007/10/05/pretty-cool-nytimes-olpc-review/

Thanks,

Ron Teitelbaum

_______________________________________________
Cryptography mailing list
Cryptography@...
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

RE: working postgres client?

2007-10-12T17:35:31Z

Hi Gary,

I'm not really interested in calling native functions, but I am interested
in getting plugins developed. We have a plugin for SHA1 and for
(SecureHashAlgroithm) DES (3DES). Which works well for 3DES-SHA1 SSL.

The most important plugins for me would be SHA256, Rijndael (AES), and MD5.

So far nobody in the Cryptography Team has had the time to get it done. Any
volunteers are definitely welcome!!

Ron Teitelbaum
Squeak Cryptography Team Leader

> From: Gary Chambers
>
> If there's any interest we have developed plgins for Windows and Linux for
> using the native MD5 functions, at least on Linux it is 100X quicker...
>
> > -----Original Message-----
> > From: squeak-dev-bounces@...
> > [mailto:squeak-dev-bounces@...]On Behalf Of Ron
> > Teitelbaum
> > Sent: 12 October 2007 2:35 PM
> > To: 'The general-purpose Squeak developers list'
> > Subject: RE: working postgres client?
> >
> >
> > Hi Randal,
> >
> > You need to use the PostGresV2 client. You can find it at:
> > http://www.squeaksource.com/PostgresV2.html
> >
> > You should also load the cryptography package at:
> >
> > http://www.squeaksource.com/Cryptography.html
> >
> > to support MD5, which works fine.
> >
> > Also consider using Glorp:
> > http://www.squeaksource.com/Glorp.html
> >
> > to map your Objects to the relational database.
> >
> > Hope that helps,
> >
> > Happy coding!
> >
> > Ron Teitelbaum
> > Squeak Cryptography Team Leader
> >
> > > From: Randal L. Schwartz
> > >
> > >
> > > I'm working on a project that requires access to a postgresql
> database.
> > >
> > > The postgres client in Squeakmap seems to fail if md5 password auth is
> > > enabled
> > > (or at least that's my best guess so far about why it works on my
> laptop
> > > and
> > > not the server).
> > >
> > > I googled for "postgres squeak" and found Jim-Postgresql's
> > client, but it
> > > hangs in my 3.10 image when trying to connect. And by hang, I mean
> > > command-period does nothing, and I have to force quit.
> > >
> > > Does anyone have a working pg client that works with modern squeak and
> > > modern
> > > postgresql?
> > >
> > > Thanks.
> > >
> >
> >
> >
>

_______________________________________________
Cryptography mailing list
Cryptography@...
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

Re: Re:

2007-05-06T02:16:55Z

> Hi Rob,

> Robert Withers schrieb:
>> Hey Hans,
>>
>> I just read the OpenPGP spec and browsed your code. You are close to
>> processing packets! Are you still developing this package? Let's
>> revive it.
> Well I haven't been doing anything on it for quite some time. I think
> the code is mostly able to read public and private key files. I never
> decided on a good abstraction for reading and writing encrypted files,
> though, so that part would need some design work.
>>
>> I recently finished implementing SMIME, although it has yet to be
>> integrated with Celeste. I think it's possible to have both SMIME and
>> OpenPGP support in Celeste, when we get around to it.
>>
>> What do you think?
>>
> That would be a very good idea. My main motivation for OpenPGP was that
> it could be used in code signing (back when I tinkered with my
> distributed code repository stuff) but its use in a mail client is
> definitely a good goal.

> Do you happen to have an idea for a good abstraction for
> encrypted/signed files and streams?

Möglicherweise möchten Sie etwas sehr utopisch Klassen überprüfen, die
ich getan habe (mit etwas Hilfe) in der Vergangenheit.
(CipherStream) http://www.smalltalking.net/Goodies/VisualSmalltalk/index.htm

Hernán

> Cheers,
> Hans-Martin
> _______________________________________________
> Cryptography mailing list
> Cryptography@...
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

_______________________________________________
Cryptography mailing list
Cryptography@...
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

Re: OpenPGP

2007-05-05T16:17:45Z

On May 5, 2007, at 1:26 PM, Hans-Martin Mosner wrote:

> Hi Rob,
>
> Robert Withers schrieb:
>> Hey Hans,
>>
>> I just read the OpenPGP spec and browsed your code. You are close to
>> processing packets! Are you still developing this package? Let's
>> revive it.
> Well I haven't been doing anything on it for quite some time. I think
> the code is mostly able to read public and private key files. I never
> decided on a good abstraction for reading and writing encrypted files,
> though, so that part would need some design work.

Ok, I see where you are reading in the public and private keys. I
would need to be able to generate them as well, since I don't have an
OpenPGP/GPG installation. then we could come up with a default
location fo these files in the squeak default directory. For SMIME,
I keep all of the certificates and private key in a CertificateStore
object, which is serialized to disk as 'certificates/cert.store'.
Perhaps we need a 'security/pgpkeys.private' and 'security/
pgpkeys.public'. I could move 'certificates' under 'security'.

>>
>> I recently finished implementing SMIME, although it has yet to be
>> integrated with Celeste. I think it's possible to have both SMIME
>> and
>> OpenPGP support in Celeste, when we get around to it.
>>
>> What do you think?
>>
> That would be a very good idea. My main motivation for OpenPGP was
> that
> it could be used in code signing (back when I tinkered with my
> distributed code repository stuff) but its use in a mail client is
> definitely a good goal.

Ah, yes I recall you were working on that. Lots of choices now with
Monticello, Universes, packages, none with code signing. Perhaps the
mail client would be a good entry point for broader use.

>
> Do you happen to have an idea for a good abstraction for
> encrypted/signed files and streams?

Not really. It seems to me that there is an input stream (chunk),
with ancillary input state (public/private/session keys), which would
decode to an output stream (chunk).

Decryption failure is an exception as is signature verification
failure. We could then use a chain of responsibility of decoders.
I.e. the first attempt to verify the signature may fail/throw an
exception, shifting to a second decoder which would extract the
message without verifying the signature. A higher level would be
responsible for reporting the outcome, based on which decoder was
successful. A decoder (encoder) could be composite, so we could
handle/generate encrypted, signed packets.

I suspect all of this is above the layer you are talking about, which
is the internals of processing a single packet. For that I think of
the ASN.1 framework I implemented with help from VW. There is a
ASN1Stream holding BER encoded bytes, and you use a Type class to
control how to read or write those bytes. So there is an
OpenPGPStream holding encoded bytes, and you use a Type (Packet) to
control how to read or write those bytes. This is what you have, is
it not?

What kinds of abstractions were you thinking over?

cheers,
Robert

_______________________________________________
Cryptography mailing list
Cryptography@...
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

Re:

2007-05-05T14:26:30Z

Hi Rob,

Robert Withers schrieb:
> Hey Hans,
>
> I just read the OpenPGP spec and browsed your code. You are close to
> processing packets! Are you still developing this package? Let's
> revive it.
Well I haven't been doing anything on it for quite some time. I think
the code is mostly able to read public and private key files. I never
decided on a good abstraction for reading and writing encrypted files,
though, so that part would need some design work.
>
> I recently finished implementing SMIME, although it has yet to be
> integrated with Celeste. I think it's possible to have both SMIME and
> OpenPGP support in Celeste, when we get around to it.
>
> What do you think?
>
That would be a very good idea. My main motivation for OpenPGP was that
it could be used in code signing (back when I tinkered with my
distributed code repository stuff) but its use in a mail client is
definitely a good goal.

Do you happen to have an idea for a good abstraction for
encrypted/signed files and streams?

Cheers,
Hans-Martin
_______________________________________________
Cryptography mailing list
Cryptography@...
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

(no subject)

2007-05-05T14:06:58Z

Hey Hans,

I just read the OpenPGP spec and browsed your code. You are close to
processing packets! Are you still developing this package? Let's
revive it.

I recently finished implementing SMIME, although it has yet to be
integrated with Celeste. I think it's possible to have both SMIME
and OpenPGP support in Celeste, when we get around to it.

What do you think?

cheers,
Robert

_______________________________________________
Cryptography mailing list
Cryptography@...
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

smime.p7s (3K) Download Attachment

RE: MersenneTwister

2007-05-01T07:49:20Z

Hi Hernán,

Thank you for your question. I just spent some time looking it up and I
found this in wikipedia. http://en.wikipedia.org/wiki/Mersenne_twister

"Application
Unlike Blum Blum Shub, the algorithm in its native form is not suitable for
cryptography. Observing a sufficient number of iterates (624 in the case of
MT19937) allows one to predict all future iterates. Combining the Mersenne
twister with a hash function solves this problem, but slows down generation.

"Another issue is that it can take a long time to turn a non-random initial
state into output that passes randomness tests, due to its size. A small
Lagged Fibonacci generator or Linear congruential generator gets started
much quicker and is usually used to seed the Mersenne Twister. If only a few
numbers are required and standards aren't high it is simpler to use the seed
generator. But the Mersenne Twister will still work.

"For many other applications, however, the Mersenne twister is fast becoming
the random number generator of choice. Since the library is portable, freely
available and quickly generates good quality random numbers it is rarely a
bad choice.

"It is designed with Monte carlo simulations and other statistical
simulations in mind. Researchers primarily want good quality numbers but
also benefit from its speed and portability."

Notice that it says that the PRNG is not appropriate for Cryptographic
applications because of the possibility of retrieving a sequence that is
predictable.

Because of this I would say that the Cryptography Repository may not be the
right place to put this. If you would like some help creating a separate
repository for this code I would be happy to help you.

What does everyone else think about including this PRNG in the Cryptography
Repository? I suppose that we could include a warning not to use this for
cryptographic applications.

Thoughts?

Thanks,

Ron Teitelbaum
Squeak Cryptography Team Leader

> -----Original Message-----
> From: Hernán Morales
>
> (English readers scroll down a little bit...)
> No sé si este es el lugar apropiado para enviar esto. Hace un tiempo
> porté parcialmente el MersenneTwister desde un fuente C++ muy muy feo,
> sucio, malo, etc. a VisualSmalltalk. No recuerdo porqué lo hice, capaz
> que estaba con fiebre o algo así... como sea, ¿le sirve a alguien
> esto acá?
>
> Hello. I don't know if this is the right place for posting this. Some
> time ago I've partially ported the MersenneTwister from an ugly, dirty
> and bad C++ source to VisualSmalltalk. I don't know why I've done that,
> maybe I was sick or something... anyway, it is useful to anybody here?
>
> Mersenne Twister Home Page:
> http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/emt.html
>
>
>
>
> _______________________________________________
> Cryptography mailing list
> Cryptography@...
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

_______________________________________________
Cryptography mailing list
Cryptography@...
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

MersenneTwister

2007-05-01T04:19:22Z

(English readers scroll down a little bit...)
No sé si este es el lugar apropiado para enviar esto. Hace un tiempo
porté parcialmente el MersenneTwister desde un fuente C++ muy muy feo,
sucio, malo, etc. a VisualSmalltalk. No recuerdo porqué lo hice, capaz
que estaba con fiebre o algo así... como sea, ¿le sirve a alguien
esto acá?

Hello. I don't know if this is the right place for posting this. Some
time ago I've partially ported the MersenneTwister from an ugly, dirty
and bad C++ source to VisualSmalltalk. I don't know why I've done that,
maybe I was sick or something... anyway, it is useful to anybody here?

Mersenne Twister Home Page:
http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/emt.html

_______________________________________________
Cryptography mailing list
Cryptography@...
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

New Cryptography Team Release on SqueakMap CTeam-1.01

2007-04-29T10:01:28Z

Hello All,

Rob Withers found a critical error in RSA Signatures that required that we
release a new version to support SMIME. We released a new version of the
Cryptography Team code on SqueakMap - CTeam-1.01. If you are using our code
you are encouraged to upgrade.

The current package for SMIME is located in a separated package in the
Cryptography Repository on www.squeakSource.com.

Thanks,

Ron Teitelbaum
Squeak Cryptography Team Leader

_______________________________________________
Cryptography mailing list
Cryptography@...
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

new version of the Cryptography package needs publishing to SqueakMap

2007-04-28T15:47:26Z

In finally getting SMIME to work, I ran across a bug in the RSA
signature code. There is a constructed message which is signed and
it needs to be a particular length. I thought that this length was
128, but I learned it is actually 256. I made the changes and tested.

Ron, could you please publish this new version to SqueakMap?

thanks,
Robert
_______________________________________________
Cryptography mailing list
Cryptography@...
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

Cryptography Team Package released on SqueakMap

2007-04-23T09:51:46Z

All,

The cryptography team has released a consolidated package on squeak map.

This release is the result of hard work of the Cryptography Team. The latest
team was formed in 2005. This release comes on 4/23/2007. Please see the
squeak source repository for more cryptography including SSL and SMime.
http://www.squeaksource.com/Cryptography.html. If you have an interest
please come join the team
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography. -
Ron Teitelbaum, Squeak Cryptography Team Leader, Ron@...

The cryptography package provides some basic cryptographic algorithms and
protocols. This change set integrates algorithms implemented by several
members of the Squeak community, including Ron Teitelbaum, Robert Withers,
Chris Muller, Hans-Martin Mosner, Leandro Caniglia, John Maloney, Duane
Maxwell, Luciano Notarfrancesco and Carlos Sarraute. There isn't much
documentation, but browsing the tests (CryptoTest) will give you a pretty
good idea of how to use it.

This package includes:
. Symmetric key algorithms: DES, 3DES, AES (Rijndael), ARC4, ARC2
. Block cipher modes: CBC, CFB, OFB
. Hash functions: MD4, MD5, SHA1, SHA256
. Public key algorithms: DSA, ElGamal, RSA
. Other stuff: HMACs, Diffie-Hellman, a random pool, a secure prng, a primes
finder
. ASN.1 support
. X509 v3 certificates
. Support for PKCS Files

Happy Coding!

Ron Teitelbaum
Squeak Cryptography Team Leader

_______________________________________________
Cryptography mailing list
Cryptography@...
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

Re: RFC: Consolidating the Cryptography library for a general release

2007-04-22T15:06:55Z

Hi Rob, thanks for proposing this. I have long been a proponent of
consolidating them but the idea was always met with resistance. I
don't know what changed our minds, but I'm happy about it.

I guess I must be the least-concerned in the entire Squeak community
about having a little extra code in my images. Most of the crypto
packages are just a few bytes so I never understood what the big deal
is. Also, if someone was really bothered by it, they could always
easily strip whatever individual classes and methods they wanted.

I pretty much agree with your entire list of ones to include/exclude.

Thanks.
Chris

On 4/20/07, Robert Withers <reefedjib@...> wrote:

> This is a request for comment on consolidating the Cryptography
> library for a general release. What I mean by that is consolidating
> to a single Monticello package, that would allow users to one-click
> load the basic library. Currently there is an implicit load order
> which most users don't know. We still don't have Configuration
> support so that isn't a solution right now.
>
> If this idea is supported, I suggest we look at all the packages and
> decide which are "in", then generate the Cryptography package with
> these packages loaded.
>
> Those packages that are not included, like Cryptography-SMIME for
> instance, should really be renamed to not have the Cryptography-
> prefix. The old versions can be deleted to keep things clean.
>
> Those packages that are selected, and are determined to be complete,
> could be deleted as independent packages and we would just rely on
> them being in the consolidated package and develop there when
> needed. After this first step is completed, we could reassign the
> classes to a more compact categorization.
>
> Below is a list of the packages. Please vote and if your vote is
> yes, what are your package recommendations as described below.
>
> Rob
>
> Packages:
> Those with a '*' in front are my suggestions as to which is to be
> included in Cryptography. Those with a '!' in front are my
> suggestions as to which should be renamed away from Cryptography-.
> Those with a '+++' are candidates for deletion, since they have been
> superseded.
>
> * Cryptography-ARC2
> * Cryptography-ASN1
> * Cryptography-Core
> * Cryptography-DES
> * Cryptography-DSA
> * Cryptography-ElGamal
> * Cryptography-MD4
> * Cryptography-MD5
> * Cryptography-PKCS12
> * Cryptography-RC4
> * Cryptography-RSA
> * Cryptography-RandomAndPrime
> * Cryptography-Rijndael
> * Cryptography-SHA1
> * Cryptography-SHA256
> ! Cryptography-SMIME
> ! Cryptography-SSL
> * Cryptography-Tests
> * Cryptography-X509
> +++Fortuna (this exists in RandomAndPrime)
> ! Cryptography-MSCerts
> +++Cryptography-TLS (this is superseded by SSL)
> OpenPGP
>
> _______________________________________________
> Cryptography mailing list
> Cryptography@...
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
>

_______________________________________________
Cryptography mailing list
Cryptography@...
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

Re: RFC: Consolidating the Cryptography library for a general release

2007-04-22T01:48:45Z

2007/4/21, Robert Withers <reefedjib@...>:

>
> On Apr 21, 2007, at 10:26 AM, Philippe Marschall wrote:
>
> > 2007/4/21, Robert Withers <reefedjib@...>:
> >> Hi Philippe,
> >>
> >> I hadn't realized that Configurations had been fixed in 3.9. They
> >> were broken badly in 3.8.
> >
> > They don't work out of the box in 3.9, you're right about that. I
> > don't know what the situation on 3.8.1 is.
>
> I'm sorry but I don't think it is suitable to deploy Cryptography
> using a mechanism that does not work out of the box. It has been two
> cycles (3.8 and 3.9) where this problem has existed without being
> repaired. We are trying to arrive at a solution to allow users to
> load Cryptography out of the box, so they can start using
> applications that are built on top of Cryptography, like SMIME and
> SSL. I think consolidating the library makes perfect sense, and if
> someone needs a slimmed down version we can create one for them. I'm
> sorry if a little frustration is coming through, but Monticello is a
> fantastic product that I use everyday, but we have tried to notify
> people of the problem with Configurations and nothing was done. I
> would love to use it if it worked out of the box in 3.9. Maybe a fix
> could be added to 3.10.

You don't need to tell me, I'm neither maintainer of Monticello (yes
Monticello has a maintainer) or Monticello Configurations neither am I
in the release team. I'm just submitting patches.

> >
> >> This would certainly be a solution to load
> >> the various Crypto packages, and it would have the advantage of
> >> allowing people to load a smaller subset for constrained devices.
> >> I'll take you up on you offer to build a Configuration file for us.
> >> Is it possible to nest one configuration inside of another?
> >
> > No.
>
> Bummer.
>
> >
> >> If I
> >> build a SSL configuration, I would want to load the Cryptography
> >> configuration with it. O is this what Universes will deliver to us.
> >> Slightly confused.
> >
> > Universes supports dependencies afaik.
>
> Maybe this is now the solution, to add all packages to a Universe. I
> wonder if Universes can be nested.

I don't know enough about Universes.

> >
> >> Here is my in-order list of packages for the Cryptography
> >> Configuration:
> >>
> >> Cryptography-Core
> >> Cryptography-ARC2
> >> Cryptography-RC4
> >> Cryptography-MD4
> >> Cryptography-MD5
> >> Cryptography-SHA1
> >> Cryptography-SHA256
> >> Cryptography-DES
> >> Cryptography-DSA
> >> Cryptography-RSA
> >> Cryptography-ElGamal
> >> Cryptography-Rijndael
> >> Cryptography-RandomAndPrime
> >> Cryptography-ASN1
> >> Cryptography-X509
> >> Cryptography-PKCS12
> >> Cryptography-Tests
> >
> > http://mc.lukas-renggli.ch/spielverderber/Cryptography-pmm.1.mcm
> > (I don't have the commit right for the cryptography project on SqS)
>
> I tried but I couldn't load it. Where is the patch for Configurations?

The main problem is actually not Configurations but Monticello. There
are about three (maybe now four versions from which you can pick:

http://bugs.squeak.org/view.php?id=5217
http://bugs.squeak.org/view.php?id=4991
http://www.squeaksource.com/Trike.html

For 3.8 you might want to the one from the Impara repository:
http://source.impara.de/mc

Cheers
Philippe

> thanks and cheers,
> Rob
>
> >
> > Cheers
> > Philippe
> >
> >> cheers,
> >> Rob
> >>
> >> On Apr 21, 2007, at 8:55 AM, Philippe Marschall wrote:
> >>
> >> > 2007/4/21, Robert Withers <reefedjib@...>:
> >> >> This is a request for comment on consolidating the Cryptography
> >> >> library for a general release. What I mean by that is
> >> consolidating
> >> >> to a single Monticello package, that would allow users to one-
> >> click
> >> >> load the basic library. Currently there is an implicit load order
> >> >> which most users don't know. We still don't have Configuration
> >> >> support so that isn't a solution right now.
> >> >
> >> > What's the problem there? If you can load it with Monticello it
> >> should
> >> > be no problem to have a Configuration Map for it. I could even
> >> build
> >> > you one. Just tell me what you want in and in which order.
> >> >
> >> > Cheers
> >> > Philippe
> >> >
> >> >> If this idea is supported, I suggest we look at all the
> >> packages and
> >> >> decide which are "in", then generate the Cryptography package with
> >> >> these packages loaded.
> >> >>
> >> >> Those packages that are not included, like Cryptography-SMIME for
> >> >> instance, should really be renamed to not have the Cryptography-
> >> >> prefix. The old versions can be deleted to keep things clean.
> >> >>
> >> >> Those packages that are selected, and are determined to be
> >> complete,
> >> >> could be deleted as independent packages and we would just rely on
> >> >> them being in the consolidated package and develop there when
> >> >> needed. After this first step is completed, we could reassign the
> >> >> classes to a more compact categorization.
> >> >>
> >> >> Below is a list of the packages. Please vote and if your vote is
> >> >> yes, what are your package recommendations as described below.
> >> >>
> >> >> Rob
> >> >>
> >> >> Packages:
> >> >> Those with a '*' in front are my suggestions as to which is to be
> >> >> included in Cryptography. Those with a '!' in front are my
> >> >> suggestions as to which should be renamed away from Cryptography-.
> >> >> Those with a '+++' are candidates for deletion, since they have
> >> been
> >> >> superseded.
> >> >>
> >> >> * Cryptography-ARC2
> >> >> * Cryptography-ASN1
> >> >> * Cryptography-Core
> >> >> * Cryptography-DES
> >> >> * Cryptography-DSA
> >> >> * Cryptography-ElGamal
> >> >> * Cryptography-MD4
> >> >> * Cryptography-MD5
> >> >> * Cryptography-PKCS12
> >> >> * Cryptography-RC4
> >> >> * Cryptography-RSA
> >> >> * Cryptography-RandomAndPrime
> >> >> * Cryptography-Rijndael
> >> >> * Cryptography-SHA1
> >> >> * Cryptography-SHA256
> >> >> ! Cryptography-SMIME
> >> >> ! Cryptography-SSL
> >> >> * Cryptography-Tests
> >> >> * Cryptography-X509
> >> >> +++Fortuna (this exists in RandomAndPrime)
> >> >> ! Cryptography-MSCerts
> >> >> +++Cryptography-TLS (this is superseded by SSL)
> >> >> OpenPGP
> >> >>
> >> >> _______________________________________________
> >> >> Cryptography mailing list
> >> >> Cryptography@...
> >> >> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/
> >> >> cryptography
> >> >>
> >> > _______________________________________________
> >> > Cryptography mailing list
> >> > Cryptography@...
> >> > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/
> >> > cryptography
> >>
> >>
> >> _______________________________________________
> >> Cryptography mailing list
> >> Cryptography@...
> >> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/
> >> cryptography
> >>
> >>
> >>
> > _______________________________________________
> > Cryptography mailing list
> > Cryptography@...
> > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/
> > cryptography
>
>
> _______________________________________________
> Cryptography mailing list
> Cryptography@...
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
>
>
>

_______________________________________________
Cryptography mailing list
Cryptography@...
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

RE: RFC: Consolidating the Cryptography library fora general release

2007-04-21T21:32:31Z

I agree that there is no need to have separate packages for cryptography.
Our original goal was to allow separate base algorithms to be loaded
individually but there have already been a number of problems with
dependencies, especially the need to load MD5 before other packages. I
agree with your assessment, and baring no other objections from the team, I
would support consolidating base algorithms into Cryptography, and
applications into separate packages.

Ron

> -----Original Message-----
> From: Robert Withers [mailto:reefedjib@...]
> Sent: Saturday, April 21, 2007 11:31 AM
> To: Ron@...; Cryptography Team Development List
> Subject: Re: [Cryptography Team] RFC: Consolidating the Cryptography
> library fora general release
>
> Hi Ron,
>
>
> On Apr 20, 2007, at 7:53 PM, Ron Teitelbaum wrote:
>
> > Hi Rob,
> >
> > Very cool about the SMIME work I'm looking forward to working with it.
>
> I have one last bug to fix for signatures.
>
> > There is some working and useful code in MSCerts and I need to
> > review TLS
> > for any dependencies. Also the work that I started which
> > integrates SSL
> > with Kom is there, I think in the tls package, so as long as we
> > don't delete
> > them I'm ok with renaming them. Were you planning on moving SSL
> > and SMIME
> > into another repository or just renaming them within the Cryptography
> > repository?
>
> I was just going to re-categorize them and republish them as SSL and
> SMIME, but leave them in this repository. I have already done this
> locally for SMIME, but I am waiting for the go ahead on the
> consolidation.
>
> > We originally separated them out so that someone could select which
> > components they needed.
>
> I thought it was done to assist with concurrent development, but most
> of it is stable now.
>
> > I agree with you that this introduced some load
> > dependencies. Also the size of the classes themselves is not large
> > enough
> > to really warrant their own packages. We probably introduced more
> > problems
> > and confusion then we solved. So I agree with your suggestion and
> > would
> > support having one cryptography package with all the component
> > algorithms,
> > and then separate packages for applications. I should also move my
> > KeyHolder and my PasswordSaltAndStretch somewhere. I'm not sure
> > they are
> > components but they are not really applications either. Suggestions?
>
> I think something in RC2 or something uses KeyHolder, et al. Let's
> leave them in.
>
> So you agree with my package allocation?
>
> Rob
>
> >
> > Ron
> >
> >> -----Original Message-----
> >> From: Robert Withers
> >>
> >> This is a request for comment on consolidating the Cryptography
> >> library for a general release. What I mean by that is consolidating
> >> to a single Monticello package, that would allow users to one-click
> >> load the basic library. Currently there is an implicit load order
> >> which most users don't know. We still don't have Configuration
> >> support so that isn't a solution right now.
> >>
> >> If this idea is supported, I suggest we look at all the packages and
> >> decide which are "in", then generate the Cryptography package with
> >> these packages loaded.
> >>
> >> Those packages that are not included, like Cryptography-SMIME for
> >> instance, should really be renamed to not have the Cryptography-
> >> prefix. The old versions can be deleted to keep things clean.
> >>
> >> Those packages that are selected, and are determined to be complete,
> >> could be deleted as independent packages and we would just rely on
> >> them being in the consolidated package and develop there when
> >> needed. After this first step is completed, we could reassign the
> >> classes to a more compact categorization.
> >>
> >> Below is a list of the packages. Please vote and if your vote is
> >> yes, what are your package recommendations as described below.
> >>
> >> Rob
> >>
> >> Packages:
> >> Those with a '*' in front are my suggestions as to which is to be
> >> included in Cryptography. Those with a '!' in front are my
> >> suggestions as to which should be renamed away from Cryptography-.
> >> Those with a '+++' are candidates for deletion, since they have been
> >> superseded.
> >>
> >> * Cryptography-ARC2
> >> * Cryptography-ASN1
> >> * Cryptography-Core
> >> * Cryptography-DES
> >> * Cryptography-DSA
> >> * Cryptography-ElGamal
> >> * Cryptography-MD4
> >> * Cryptography-MD5
> >> * Cryptography-PKCS12
> >> * Cryptography-RC4
> >> * Cryptography-RSA
> >> * Cryptography-RandomAndPrime
> >> * Cryptography-Rijndael
> >> * Cryptography-SHA1
> >> * Cryptography-SHA256
> >> ! Cryptography-SMIME
> >> ! Cryptography-SSL
> >> * Cryptography-Tests
> >> * Cryptography-X509
> >> +++Fortuna (this exists in RandomAndPrime)
> >> ! Cryptography-MSCerts
> >> +++Cryptography-TLS (this is superseded by SSL)
> >> OpenPGP
> >>
> >> _______________________________________________
> >> Cryptography mailing list
> >> Cryptography@...
> >> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/
> >> cryptography
> >
> > _______________________________________________
> > Cryptography mailing list
> > Cryptography@...
> > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/
> > cryptography

_______________________________________________
Cryptography mailing list
Cryptography@...
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography