From mboxrd@z Thu Jan 1 00:00:00 1970 Received: (from majordomo@localhost) by pauillac.inria.fr (8.7.6/8.7.3) id QAA22285; Fri, 20 Sep 2002 16:46:46 +0200 (MET DST) X-Authentication-Warning: pauillac.inria.fr: majordomo set sender to owner-caml-list@pauillac.inria.fr using -f Received: from nez-perce.inria.fr (nez-perce.inria.fr [192.93.2.78]) by pauillac.inria.fr (8.7.6/8.7.3) with ESMTP id QAA21954 for ; Fri, 20 Sep 2002 16:46:45 +0200 (MET DST) Received: from dirty.research.bell-labs.com (dirty.research.bell-labs.com [204.178.16.6]) by nez-perce.inria.fr (8.11.1/8.11.1) with ESMTP id g8KEkhD13745; Fri, 20 Sep 2002 16:46:44 +0200 (MET DST) Received: from scummy.research.bell-labs.com (H-135-104-2-10.research.bell-labs.com [135.104.2.10]) by dirty.research.bell-labs.com (8.12.5/8.12.5) with ESMTP id g8KEkThN047543; Fri, 20 Sep 2002 10:46:30 -0400 (EDT) Received: from mcs.research.bell-labs.com (mcs.research.bell-labs.com [135.104.32.15]) by scummy.research.bell-labs.com (8.11.6/8.11.6) with ESMTP id g8KEkNk65087; Fri, 20 Sep 2002 10:46:23 -0400 (EDT) Received: from SAHUGUETLT ([135.104.20.65]) by mcs.research.bell-labs.com (8.9.3/8.8.8) with SMTP id KAA2413178; Fri, 20 Sep 2002 10:46:22 -0400 (EDT) Message-ID: <013601c260b4$7d0da060$141919ac@bl.belllabs.com> From: "Arnaud SAHUGUET" To: "Xavier Leroy" , "Yurii A. Rashkovskii" Cc: "Ohad Rodeh" , References: <14331741431.20020918205930@openeas.org> <20020920151510.A19108@pauillac.inria.fr> Subject: Re: [Caml-list] OcamlSpread 0.0.1 released Date: Fri, 20 Sep 2002 10:45:48 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-caml-list@pauillac.inria.fr Precedence: bulk When choosing a crypto package, there are a few points to consider: - the people who implement the package (Good) crypto algorithms are usually secure on paper. But when translated in code, this is not always the case. - the range of algorithms supported Actually this is not so critical because most protocol start with a negociation phase. - the maintenance of the package Flaws are being discovered everyday. It is better to use a crypto package which is widely used, tested and maintained. - the license openSSL seems to be a really good contender. Sun announced yesterday that it is donated its Elliptic Curve crypto implementation (ECC) to the project. That's really for embedded devices because ECC offers the same level of security with much smaller key size. I think the last and worst thing to do is to re-implement some crypto from scratch. regards, Arnaud ----- Original Message ----- From: "Xavier Leroy" To: "Yurii A. Rashkovskii" Cc: "Ohad Rodeh" ; Sent: Friday, September 20, 2002 9:15 AM Subject: Re: [Caml-list] OcamlSpread 0.0.1 released > > The question is not a speed, but strength of the algorithms. I think > > that Ensemble *should* have storng algorithms for security or > > pluggable interface to switch in OpenSSL, cryptokit or whatsoever. > > As Ohad said, OpenSSL offers more ciphers than my Cryptokit, and some > of them probably run faster in OpenSSL, but still the ciphers and > hashes supported by Cryptokit are entirely standard (AES, Triple DES, > RC4, RSA, etc) and have no known cryptographic weaknesses -- provided > adequate key sizes are selected, of course. > > Security holes are much more likely to arise as a consequence of > incorrect use of these algorithms, e.g. at the cryptographic protocol > level, than as a consequence of a weakness of the algorithms > themselves. > > - Xavier Leroy > ------------------- > To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr > Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/ > Beginner's list: http://groups.yahoo.com/group/ocaml_beginners > ------------------- To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/ Beginner's list: http://groups.yahoo.com/group/ocaml_beginners