[Glass] Encryption in GemStone
Paul DeBruicker
pdebruic at gmail.com
Wed Nov 20 07:29:27 PST 2013
Mariano Martinez Peck wrote
>
> Paul, shall I commit this change to the Pharo version since in Pharo
> #fromByteArray: ends up doing the same?
>
> Thanks,
>
> --
> Mariano
> http://marianopeck.wordpress.com
Hi Mariano,
Yes I think you should commit your version to the smalltalkhub repo. I
originally wrote it to eventually have a Smalltalk bcrypt implementation. I
stopped work on the Smalltalk bcrypt version (& Blowfish) when I could
determine that my version was going to be about 5000x slower than the C
version you could access through FFI. As we've discussed the Blowfish
implementation works on Pharo for 8 byte chunks only. I'd need to implement
cipher block chaining [0] to have it work for longer strings
For one-way hashes be aware that SecureHashAlgorithm implements SHA-1 which
has been shown to be vulnerable to attack [1] since 2005. In the
Cryptography repo on GemSource [2] there is the PasswordHashingFFI which on
linux at least gives you access to bcrypt and the more modern one way SHA
algorithms in the crypt(3) library. For bcrypt you'll need a 64 bit version
of libxcrypt installed for GemStone
Thanks for keeping up on this
Paul
[0] https://en.wikipedia.org/wiki/Cipher_block_chaining
[1] https://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html
[2] http://seaside.gemtalksystems.com/ss/Cryptography
--
View this message in context: http://forum.world.st/Glass-Encryption-in-GemStone-tp4723580p4723736.html
Sent from the GLASS mailing list archive at Nabble.com.
More information about the Glass
mailing list