Re: Re[4]: [Caml-list] OcamlSpread 0.0.1 released

Re: Re[4]: [Caml-list] OcamlSpread 0.0.1 released

[Ohad Rodeh]

For Ensemble, or that I need is the symmetric encryption and
Diffie-Hellman. It is possible
that OpenSSL has a faster implementation of Diffie-Hellman, but as long as
the difference
is not too great, I'd rather use an OCaml library.

      Ohad.
-----------------------------------------------------------------------------------

Ohad Rodeh
tel: +972-3-6401641
IBM Haifa, storage research


                                                                                                                                       
                      "Yurii A.                                                                                                        
                      Rashkovskii"             To:       Ohad Rodeh/Haifa/IBM@IBMIL                                                    
                      <yrashk@openeas.o        cc:       "John Gerard Malecki" <johnm@artisan.com>, caml-list@inria.fr                 
                      rg>                      Subject:  Re[4]: [Caml-list] OcamlSpread 0.0.1 released                                 
                                                                                                                                       
                      18/09/2002 09:36                                                                                                 
                      Please respond to                                                                                                
                      "Yurii A.                                                                                                        
                      Rashkovskii"                                                                                                     
                                                                                                                                       
                                                                                                                                       



Hello Ohad,

Wednesday, September 18, 2002, 7:13:48 PM, you wrote:

OR> Both systems support secure groups, though they have different models
for
OR> this. As an
OR> aside, Ensemble intends to move from using OpenSSL to Xavier's
cryptokit.

Do you think it is really needed? One of my friend who is a degreed
specialist in security said that algorithms used in OpenSSL are
stronger than in Xavier's cryptokit.

--
Best regards,
 Yurii                            mailto:yrashk@openeas.org






-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners

Re[6]: [Caml-list] OcamlSpread 0.0.1 released

[Yurii A. Rashkovskii]

Hello Ohad,

Wednesday, September 18, 2002, 7:56:09 PM, you wrote:

OR> For Ensemble, or that I need is the symmetric encryption and
OR> Diffie-Hellman. It is possible
OR> that OpenSSL has a faster implementation of Diffie-Hellman, but as long as
OR> the difference
OR> is not too great, I'd rather use an OCaml library.

The question is not a speed, but strength of the algorithms. I think
that Ensemble *should* have storng algorithms for security or
pluggable interface to switch in OpenSSL, cryptokit or whatsoever.

I'm developing an enterprise-level application in OCaml using Ensemble
and security is a thing that should be quite strong :)


-- 
Best regards,
 Yurii                            mailto:yrashk@openeas.org


-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners

Re: [Caml-list] OcamlSpread 0.0.1 released

[Xavier Leroy]

> The question is not a speed, but strength of the algorithms. I think
> that Ensemble *should* have storng algorithms for security or
> pluggable interface to switch in OpenSSL, cryptokit or whatsoever.

As Ohad said, OpenSSL offers more ciphers than my Cryptokit, and some
of them probably run faster in OpenSSL, but still the ciphers and
hashes supported by Cryptokit are entirely standard (AES, Triple DES,
RC4, RSA, etc) and have no known cryptographic weaknesses -- provided
adequate key sizes are selected, of course.

Security holes are much more likely to arise as a consequence of
incorrect use of these algorithms, e.g. at the cryptographic protocol
level, than as a consequence of a weakness of the algorithms
themselves.

- Xavier Leroy
-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners

Re: [Caml-list] OcamlSpread 0.0.1 released

[Arnaud SAHUGUET]

When choosing a crypto package, there are a few points to consider:

- the people who implement the package
(Good) crypto algorithms are usually secure on paper. But when translated in
code, this is not always the case.

- the range of algorithms supported
Actually this is not so critical because most protocol start with a
negociation phase.

- the maintenance of the package
Flaws are being discovered everyday. It is better to use a crypto package
which is widely used, tested and maintained.

- the license

openSSL seems to be a really good contender. Sun announced yesterday that it
is donated its Elliptic Curve crypto implementation (ECC)  to the project.
That's really for embedded devices because ECC offers the same level of
security with much smaller key size.

I think the last and worst thing to do is to re-implement some crypto from
scratch.

regards,

Arnaud

----- Original Message -----
From: "Xavier Leroy" <xavier.leroy@inria.fr>
To: "Yurii A. Rashkovskii" <yrashk@openeas.org>
Cc: "Ohad Rodeh" <ORODEH@il.ibm.com>; <caml-list@inria.fr>
Sent: Friday, September 20, 2002 9:15 AM
Subject: Re: [Caml-list] OcamlSpread 0.0.1 released


> > The question is not a speed, but strength of the algorithms. I think
> > that Ensemble *should* have storng algorithms for security or
> > pluggable interface to switch in OpenSSL, cryptokit or whatsoever.
>
> As Ohad said, OpenSSL offers more ciphers than my Cryptokit, and some
> of them probably run faster in OpenSSL, but still the ciphers and
> hashes supported by Cryptokit are entirely standard (AES, Triple DES,
> RC4, RSA, etc) and have no known cryptographic weaknesses -- provided
> adequate key sizes are selected, of course.
>
> Security holes are much more likely to arise as a consequence of
> incorrect use of these algorithms, e.g. at the cryptographic protocol
> level, than as a consequence of a weakness of the algorithms
> themselves.
>
> - Xavier Leroy
> -------------------
> To unsubscribe, mail caml-list-request@inria.fr Archives:
http://caml.inria.fr
> Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ:
http://caml.inria.fr/FAQ/
> Beginner's list: http://groups.yahoo.com/group/ocaml_beginners
>

-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners

Re[4]: [Caml-list] OcamlSpread 0.0.1 released

[Yurii A. Rashkovskii]

Hello Ohad,

Wednesday, September 18, 2002, 7:13:48 PM, you wrote:

OR> Both systems support secure groups, though they have different models for
OR> this. As an
OR> aside, Ensemble intends to move from using OpenSSL to Xavier's cryptokit.

Do you think it is really needed? One of my friend who is a degreed
specialist in security said that algorithms used in OpenSSL are
stronger than in Xavier's cryptokit.

-- 
Best regards,
 Yurii                            mailto:yrashk@openeas.org


-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners