Message-ID: <CAOPXC2=iHvRetaLzvdOuRKdXe5D19_-G+2N5vf-dxxYy7M6eQg@mail.gmail.com>
Date: Thu, 25 Apr 2013 08:43:25 +0200
From: Gregor Pintar <grpintar@...il.com>
To: musl@...ts.openwall.com
Subject: Re: High-priority library replacements?

Hello.

2013/4/25, Rich Felker <dalias@...ifal.cx>:
> 2. SSL. The modern internet basically requires using SSL everywhere.
> We should be aiming/expecting to transition to a world where even
> non-login-based sites are 100% https; the threats of malicious http
> injection attacks from rogue or advertising-based access points have
> gotten too great. Unfortunately, all of the existing SSL
> implementations are bloated, buggy, and fail even the most basic
> robustness requirements. A good solution would be based on tomcrypt
> and would expose a minimal, simple API suited for event-loop-based or
> threaded use. It may also be useful to have an optional wrapper layer
> to expose an API that mimics openssl or gnutls. It should also be able
> to keep up with the changing demands of how to determine which
> certificate authorities are to be trusted.

I am working on a cryptographic library. It's far from being finished.
I would be very glad if someone could look at it.
Currently I have problems with API design, so help would be welcome.
It isn't in git yet. You can get it here:
https://dl.dropboxusercontent.com/u/83450675/kripto/kripto.tar.gz

I have plans for an SSL library on top of it, but it could take years.

I think the best way is not to trust any certificate authority.
Maybe some certificate p2p protocol could be done?

> All of these libraries should:
>
> - Avoid namespace pollution. Only external symbols should be the
> public API and internal-use stuff prefixed with an ugly prefix
> that's extremely unlikely to clash with anything.

All external symbols have the "kripto_" prefix.

> - Avoid unnecessary allocation. Use caller-provided objects where
> possible or provide both options.

I am trying to do the fewest malloc()s possible.

> - Have absolutely zero global state.

There is no global state and there won't be any.

Gregor