On 16/05/14 06:34, Charles wrote: > Hi all, > This summer I'm going to be working on creating a High-Level crypto > API for Freenet. My mentor is Florent Daigniere. I will be > benchmarking JCA and BouncyCastle against Freenet's current crypto > implementation to find out which is better in terms of performance and > security for each algorithm. Then I will use the benchmarks to create > a high-level crypto API. I'll also create a benchmark that will run > when Freenet starts to decide if native code is faster vs the java > implementation on that architecture and adjust the API to use the > faster one. Once the API is finished I will help merge it into the > code base. > If you have any questions or suggestions please let me know. > I am unixninja92 on IRC. > -Charles Teese Actually we already do the benchmark-and-choice-on-startup for many algorithms, thanks to Eleriseth's patches.
However, a coherent crypto API at an appropriate level is definitely a good thing. I thought nextgens was in favour of using some form of TLS though? Note that using TLS correctly is nontrivial (e.g. the defaults don't have PFS and so are far less secure than our current code on at least one measure), although there are UDP versions we could use... He's also in favour of using "consistent" keylengths, i.e. reducing the key length for symmetric crypto because the keys generated aren't large enough to justify it anyway, and there may be difficulties with making connection setup generate bigger keys... More generally, is the plan to keep the existing protocols and key lengths, but refactor to make them clearer and less risky, or will you be changing any algorithms or parameters?
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Devl mailing list [email protected] https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
