Distributed Information System (DIS)
  • Home
  • The blog
  • Contact

Progress on cryptography

7/20/2007

0 Comments

 

The low level C++ wrapper class for cryptographic functions is now finalized. I use XySSL as low level C cryptographic library. XySSL is an open source project of Christophe Devine, a French computer scientist specialized in security. XySSL will support the VIA padlock cryptographic engine which is a good news since VIA servers are cheap, cold and low consuming computers.

The signing algorithm is parameterized so that one can easily switch to a stronger model if needed. For now we'll use the PKCS1 2.0 OAEP signature model described in RFC3447 because it is stream friendly. The signature model described in IEEE 1363a adds a salt with the hash value. The salt is some random bytes that are hashed before the information to sign.

The problem with this is that the salt is not available when starting to decode the information. To do so we would have to put the signature in front of the information. But then it is the signature generation that would not be stream friendly. One would have to first serialize the data in some buffer so that we can compute the hash value and encode the signature. This then breaks the stream processing model.

It is not clear to me how this salt adds any security to the signature. Please add a comment if you have some hints on this. It seem that picking a stronger hash function with longer digest or combining multiple hash functions output would contribute more to security than the salt value.
 

0 Comments

Suggested reading: Hacknot !

7/8/2007

0 Comments

 

An enlightening reading on hacking! 'To those about to hack"

As people may have understood by now, I'm more of an Abe than a George...

0 Comments

Progress status

7/7/2007

0 Comments

 

Progress is good on multiple fronts.

- I never managed to make libgc (C++ garbage collector) work with code compiled in release mode (VC2003). I spent some time debugging it without success. Version 7.0 has just been release but the problem is still there. So I had to solve it. I finally found out the cause and made a quick hack for my code to work. The author has been notified and I hope the bug will be definitely fixed in the next release.

- In the mean time I also investigated various cryptographic packages to use for the prototype. There are quite many out there. Openssl is the one I'll pick because it fits best my requirements. But it needs a C++ wrapper that makes its use more simple and convenient as in other C++ cryptographic packages.

- Signed and multi-signed information data encoding format is now finalized. It was not trivial because the requirements were quite tricky to match. Their properties are attractive, but this must still be implemented and tested to validate its usability.

0 Comments

    Author

    Christophe Meessen is a  computer science engineer working in France.

    Any suggestions to make DIS more useful ? Tell me by using the contact page.

    Categories

    All
    Business Model
    Database
    Dis
    Ditp
    Dvcs
    Git
    Gob
    Idr
    Misc
    Murphys Law
    Programming Language
    Progress Status
    Startup
    Suggested Reading
    Web Site

    Archives

    December 2017
    November 2015
    September 2015
    February 2013
    December 2012
    November 2012
    May 2012
    February 2012
    March 2010
    October 2009
    September 2009
    July 2009
    June 2009
    May 2009
    February 2009
    January 2009
    November 2008
    September 2008
    August 2008
    July 2008
    May 2008
    April 2008
    March 2008
    February 2008
    January 2008
    December 2007
    October 2007
    August 2007
    July 2007
    June 2007
    May 2007

    RSS Feed

    Live traffic feed
    You have no departures or arrivals yet. Wait a few minutes and check again.
    Powered by FEEDJIT
Powered by Create your own unique website with customizable templates.