[Glass] Encryption in GemStone
Mariano Martinez Peck
marianopeck at gmail.com
Wed Nov 20 08:45:58 PST 2013
On Wed, Nov 20, 2013 at 12:29 PM, Paul DeBruicker <pdebruic at gmail.com>wrote:
> Mariano Martinez Peck wrote
> >
> > Paul, shall I commit this change to the Pharo version since in Pharo
> > #fromByteArray: ends up doing the same?
> >
> > Thanks,
> >
> > --
> > Mariano
> > http://marianopeck.wordpress.com
>
> Hi Mariano,
>
> Yes I think you should commit your version to the smalltalkhub repo. I
> originally wrote it to eventually have a Smalltalk bcrypt implementation.
> I
> stopped work on the Smalltalk bcrypt version (& Blowfish) when I could
> determine that my version was going to be about 5000x slower than the C
> version you could access through FFI.
Hi Paul,
Did you write a FFI wrapper already for that?
> As we've discussed the Blowfish
> implementation works on Pharo for 8 byte chunks only. I'd need to
> implement
> cipher block chaining [0] to have it work for longer strings
>
>
Yes, I know :( if you have a string bigger than 8 characters the rest
remains unencrypted :(
But this is the only two-way encrypting we have out of the box for
GemStone, isn't it?
For one-way hashes be aware that SecureHashAlgorithm implements SHA-1 which
> has been shown to be vulnerable to attack [1] since 2005. In the
> Cryptography repo on GemSource [2] there is the PasswordHashingFFI which on
> linux at least gives you access to bcrypt and the more modern one way SHA
> algorithms in the crypt(3) library. For bcrypt you'll need a 64 bit version
> of libxcrypt installed for GemStone
>
>
OK, good to know.
> Thanks for keeping up on this
>
> Paul
>
> [0] https://en.wikipedia.org/wiki/Cipher_block_chaining
> [1] https://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html
> [2] http://seaside.gemtalksystems.com/ss/Cryptography
>
>
>
> --
> View this message in context:
> http://forum.world.st/Glass-Encryption-in-GemStone-tp4723580p4723736.html
> Sent from the GLASS mailing list archive at Nabble.com.
> _______________________________________________
> Glass mailing list
> Glass at lists.gemtalksystems.com
> http://lists.gemtalksystems.com/mailman/listinfo/glass
>
--
Mariano
http://marianopeck.wordpress.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.gemtalksystems.com/mailman/private/glass/attachments/20131120/a1e0d4d5/attachment.html>
More information about the Glass
mailing list