On 11 December 2017 at 03:08, henry <he...@callistohouse.club> wrote:
> > -------- Original Message -------- > Subject: Re: [Pharo-users] HMAC-SHA512 > Local Time: December 10, 2017 1:20 PM > UTC Time: December 10, 2017 6:20 PM > From: s...@stfx.eu > To: Any question about pharo is welcome <pharo-users@lists.pharo.org> > > > On 10 Dec 2017, at 17:46, Ben Coman b...@openinworld.com wrote: > Thanks Sven. Its interesting to trace that through to put other stuff I've > read about HMAC into perspective. > However SHA256 != SHA512 which is a defined requirement of the site I'm > accessing. > > I was too quick. > > There is also http://www.samadhiweb.com/blog/2017.02.18.shacrypt.html > > I prefer code written in Pharo, but if you need real performance, then > native code will be needed. Are you sure SHA512 is not in the Cryptography > package ? > > > SHA512 is not in the Cryptography package, but it would be great to see it > there, with an appropriate plugin, of course, for performance. I am toying > with the idea of extending SSL to include TLS 1.3, and that would require > SHA512, plus it would be great to keep the Cryptography package current. > Adding TLS 1.3 would be a fair amount of work requiring Diffie-Hellman > group extensions to ephemeral elliptic curves, in addition. I am unsure > what symmetric ciphers are used by TLS 1.3 also. The advantage is that it > is automatically cross-platform, even with plugin generation, such that > Cryptography could be used on the big 3 as well as on ARM, Android and iOS. > I'll keep dreaming about it. > Given that SSL is "so last century" [ https://www.polyglotdeveloper.com/timeline/2015-07-01-ssl-tls-timeline/] with security issues [Section 2.2 https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices ] and latency improvements in upcoming TLS1.3 [ https://www.keycdn.com/blog/tls-1-3] perhaps this would make a good bounty to be done outside the current planned work for engineering resources. There seem several potential resources available [ http://www.squeaksource.com/Cryptography.html] Could a plan be made to address TLS? cheers -ben