"Cryptography uses several plugins, not only DES." what are the other plugins then?
2009/5/24 Mariano Martinez Peck <marianop...@gmail.com> > > > 2009/5/23 John McIntosh <john...@smalltalkconsulting.com> > >> Ok, in the past I've built the DES plugin for the macintosh. >> However I should point out that Cryptography should NOT be made part of >> the base VM. >> > > I didn't understand you. Cryptography uses several plugins, not only DES. > Are you talking Cryptography in general or just DES? > > In addition you said the Cryptography should not be included in the base > VM. Did you wanted to say base image ? > > Greetings, > > Mariano > > > >> Why? Well the USA government then wants you to fill out export paperwork >> if you are USA company or selling product thru the USA that someone that >> doesn't live in the USA could buy. An example of this is when you submit >> apps to the Apple iPhone app store, then you are asked if the product >> includes any encryption and if you have done the paperwork. >> > >> Yes I know this is a irksome rule, but people should be aware of the >> implications. >> >> 2009/5/23 Mariano Martinez Peck <marianop...@gmail.com> >> >> Did someone commit any kind of magic to Pharo core orCryptography packge ? >>> I just prepared a latest image to start working on it but I see only 3 red >>> tests. Those are: testDES, testDES2 and testDSASigninAndVerifying. >>> >>> And all of them fail because of the same problem: a primitive has failed. >>> The primitive is >>> >>> primCookKey: aByteArray mode: flag to: cooked >>> <primitive: 'primitiveDESCookKey' module: 'DESPlugin'> >>> ^ self primitiveFailed >>> >>> I look here: http://code.google.com/p/pharo/wiki/VMPluginOverview but >>> I didn't found it. I don't have that plugin in my Exupery VM. >>> >>> Perhaps downloading VMMaker and try to generate the plugin is a good idea >>> but I never even download VMMaker haha >>> >>> Anyway, is this important? >>> >>> Cheers, >>> >>> Mariano >>> >>> >>> >>> >>> >>> On Fri, May 22, 2009 at 1:42 PM, Schwab,Wilhelm K <bsch...@anest.ufl.edu >>> > wrote: >>> >>>> Stef, >>>> >>>> I proposed that a while ago, but there was a stunning lack of response. >>>> The offer is still good however; I'd welcome a group effort to tackle it. >>>> >>>> Bill >>>> >>>> >>>> -----Original Message----- >>>> From: pharo-project-boun...@lists.gforge.inria.fr [mailto: >>>> pharo-project-boun...@lists.gforge.inria.fr] On Behalf Of Stéphane >>>> Ducasse >>>> Sent: Friday, May 22, 2009 9:55 AM >>>> To: Pharo-project@lists.gforge.inria.fr >>>> Subject: Re: [Pharo-project] Port of Cryptography to Pharo >>>> >>>> Hi guys >>>> >>>> Why don;t you join forces and create a Cryptography package which work >>>> for pharo and for you. >>>> Mariano I still would love to know the method of integer that are >>>> missing >>>> >>>> Stef >>>> >>>> On May 22, 2009, at 4:47 PM, Jan van de Sandt wrote: >>>> >>>> > Hello, >>>> > >>>> > I faced the same problem with Cloudfork-AWS. This project required the >>>> > Cryptography package for generating the signatures using SHA and for >>>> > generating MD5 hash values. >>>> > >>>> > When I had problems loading the package in Pharo and I learned that >>>> > the package was no longer maintained I copied the classes I required >>>> > to a Cloudfork package. I needed the MD5, SHA1 and SHA256 classes. I >>>> > renamed them to CFMD5, CFSHA1 and CFSHA256, I also prefixed all the >>>> > methods in the required class extensions with cf. For example >>>> > ThirtyTwoBitRegister>>cfBitShift: anInteger. You can use a simular >>>> > approach for Glorp. >>>> > >>>> > Jan. >>>> > >>>> > PS: Another dependency of Cloudfork is a HTTP client. I'm now >>>> > playing around with the CurlPlugin, this plugin works very well. >>>> > Things like supporting https become real easy >>>> > >>>> > 2009/5/22 Mariano Martinez Peck <marianop...@gmail.com> >>>> > >>>> > >>>> > On Fri, May 22, 2009 at 9:18 AM, Ramiro Diaz Trepat < >>>> ramiro.diaz.tre...@jpmorgan.com >>>> > > wrote: >>>> > I'm really sorry to hear it is no longer being maintained. >>>> > It was a necessary package to connect to properly set up Postgres >>>> > databases, that requiere sending password hashes with SHA-1. We >>>> > will probably face this kind of need when interacting with the >>>> > outside world in general. >>>> > >>>> > Yes. That's why I saw it. I am trying to make Glorp to work in >>>> > Pharo, but as you know Glorp in Squeak only works with Postgres. And >>>> > the native postgres driver requieres cryptography package when you >>>> > use md5 :( >>>> > >>>> > Just for now, I disable md5 from my postgres and use "password" auth- >>>> > method. With this, cryptography is not needed. However, this is not >>>> > an option in a production enviorment. >>>> > >>>> > Cheers, >>>> > >>>> > Mariano >>>> > >>>> > >>>> > It was a fantastic package, I wonder why the maintainers droped it. >>>> > I suppose maintaining crypto frameworks up to date, with no >>>> > vulnerabilities, is a lot of work. >>>> > Sorry for venting out my sadnes to the list. >>>> > Cheers >>>> > >>>> > r. >>>> > >>>> > >>>> > >>>> > >>>> > -----Original Message----- >>>> > From: pharo-project-boun...@lists.gforge.inria.fr [mailto: >>>> pharo-project-boun...@lists.gforge.inria.fr >>>> > ] On Behalf Of Stéphane Ducasse >>>> > Sent: 22 May 2009 11:08 >>>> > To: Pharo-project@lists.gforge.inria.fr >>>> > Subject: Re: [Pharo-project] Port of Cryptography to Pharo >>>> > >>>> > Ok I thought the cryptology package was working well and maintained. >>>> > >>>> > Stef >>>> > >>>> > On May 22, 2009, at 11:58 AM, Schwab,Wilhelm K wrote: >>>> > >>>> > > Agreed: I mentioned both curl and OpenSSL - we should embrace both. >>>> > > AFACT, the cryptography package is a thing of the past, and we >>>> > > should look to active projects. Tell me where I'm wrong, please. >>>> > > >>>> > > Another reality, fair or not: if we were to take on the enormous >>>> > > burden of maintaining the cypto package, there would always be >>>> > > questions about security holes we left open. The same will be true >>>> > > of OpenSSL, but there is (not always fair) credibility in numbers >>>> > > widely known projects. There will be would-be users of Pharo who >>>> > > will want OpenSSL for its reputation, and who would question a home- >>>> > > grown solution. >>>> > > >>>> > > Bill >>>> > > >>>> > > >>>> > > From: pharo-project-boun...@lists.gforge.inria.fr [mailto: >>>> pharo-project-boun...@lists.gforge.inria.fr >>>> > > ] On Behalf Of Fernando olivero >>>> > > Sent: Friday, May 22, 2009 4:20 AM >>>> > > To: Pharo-project@lists.gforge.inria.fr >>>> > > Subject: Re: [Pharo-project] Port of Cryptography to Pharo >>>> > > >>>> > > >>>> > > Just a comment, >>>> > > >>>> > > you could use the new AlienFFI framework to comunicate with curl. >>>> > > Or reify any C library you want in Pharo. >>>> > > >>>> > > Fernando >>>> > > >>>> > > >>>> > > On May 22, 2009, at 5:04 AM, Schwab,Wilhelm K wrote: >>>> > > >>>> > >> The most recent post on the crytography mailing list starts out as >>>> > >> follows: >>>> > >> >>>> > >> Since the Cryptography Team doesn't exists anymore, the >>>> > >> Cryptography package is not maintained by anyone. The SSL >>>> > >> implementation doesn't allow easy debugging, you can't just turn on >>>> > >> logging to see what's happening. Following the state machine >>>> > >> transitions should give you the answer why the handshake isn't >>>> > >> succeding. It might be related to certificates or TLS->SSL3 >>>> > >> fallback. If I were you, I would go with curl. >>>> > >> I think it is time to write a wrapper around open SSL in addition >>>> > >> to looking at the curl plugin. Trying to write cryptography code >>>> > >> from scratch and get and keep it right is a huge effort, and pretty >>>> > >> avoidable, and IMHO, better avoided by letting others do the job. >>>> > >> Ever read Sun Tzu? >>>> > >> >>>> > >> Bill >>>> > >> >>>> > >> >>>> > >> >>>> > >> From: pharo-project-boun...@lists.gforge.inria.fr [mailto: >>>> pharo-project-boun...@lists.gforge.inria.fr >>>> > >> ] On Behalf Of Mariano Martinez Peck >>>> > >> Sent: Thursday, May 21, 2009 8:51 PM >>>> > >> To: Pharo Development >>>> > >> Subject: [Pharo-project] Port of Cryptography to Pharo >>>> > >> >>>> > >> I don't know if there is anyone of the developers of the package >>>> > >> Cryptography but is someone is willing to do the port of it to >>>> > >> Pharo? Most tests are break and it seems not to work because lots >>>> > >> of Cryptography methods where in classes like SmallInteger and >>>> > >> these methods were removed in Pharo. >>>> > >> >>>> > >> Regards, >>>> > >> >>>> > >> Mariano >>>> > >> <ATT00001.txt> >>>> > > >>>> > > _______________________________________________ >>>> > > Pharo-project mailing list >>>> > > Pharo-project@lists.gforge.inria.fr >>>> > > http://lists.gforge.inria.fr/cgi-bin/mailman/listinfo/pharo-project >>>> > >>>> > >>>> > _______________________________________________ >>>> > Pharo-project mailing list >>>> > Pharo-project@lists.gforge.inria.fr >>>> > http://lists.gforge.inria.fr/cgi-bin/mailman/listinfo/pharo-project >>>> > This email is confidential and subject to important disclaimers and >>>> > conditions including on offers for the purchase or sale of >>>> > securities, accuracy and completeness of information, viruses, >>>> > confidentiality, legal privilege, and legal entity disclaimers, >>>> > available at http://www.jpmorgan.com/pages/disclosures/email. >>>> > >>>> > _______________________________________________ >>>> > Pharo-project mailing list >>>> > Pharo-project@lists.gforge.inria.fr >>>> > http://lists.gforge.inria.fr/cgi-bin/mailman/listinfo/pharo-project >>>> > >>>> > >>>> > _______________________________________________ >>>> > Pharo-project mailing list >>>> > Pharo-project@lists.gforge.inria.fr >>>> > http://lists.gforge.inria.fr/cgi-bin/mailman/listinfo/pharo-project >>>> > >>>> > _______________________________________________ >>>> > Pharo-project mailing list >>>> > Pharo-project@lists.gforge.inria.fr >>>> > http://lists.gforge.inria.fr/cgi-bin/mailman/listinfo/pharo-project >>>> >>>> >>>> _______________________________________________ >>>> Pharo-project mailing list >>>> Pharo-project@lists.gforge.inria.fr >>>> http://lists.gforge.inria.fr/cgi-bin/mailman/listinfo/pharo-project >>>> >>>> _______________________________________________ >>>> Pharo-project mailing list >>>> Pharo-project@lists.gforge.inria.fr >>>> http://lists.gforge.inria.fr/cgi-bin/mailman/listinfo/pharo-project >>>> >>> >>> >>> _______________________________________________ >>> Pharo-project mailing list >>> Pharo-project@lists.gforge.inria.fr >>> http://lists.gforge.inria.fr/cgi-bin/mailman/listinfo/pharo-project >>> >> >> >> >> -- >> >> =========================================================================== >> John M. McIntosh <john...@smalltalkconsulting.com> >> Corporate Smalltalk Consulting Ltd. http://www.smalltalkconsulting.com >> >> =========================================================================== >> >> >> >> _______________________________________________ >> Pharo-project mailing list >> Pharo-project@lists.gforge.inria.fr >> http://lists.gforge.inria.fr/cgi-bin/mailman/listinfo/pharo-project >> > > > _______________________________________________ > Pharo-project mailing list > Pharo-project@lists.gforge.inria.fr > http://lists.gforge.inria.fr/cgi-bin/mailman/listinfo/pharo-project > -- =========================================================================== John M. McIntosh <john...@smalltalkconsulting.com> Corporate Smalltalk Consulting Ltd. http://www.smalltalkconsulting.com ===========================================================================
_______________________________________________ Pharo-project mailing list Pharo-project@lists.gforge.inria.fr http://lists.gforge.inria.fr/cgi-bin/mailman/listinfo/pharo-project
