guile-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: About Guile crypto support


From: Daniel Hartwig
Subject: Re: About Guile crypto support
Date: Mon, 4 Feb 2013 09:14:56 +0800

Hello

On 3 February 2013 20:55, Nala Ginrut <address@hidden> wrote:
> As mentioned in another thread about digest algorithm support in Guile,
> my plan is use part of implementation of libgcrypt and make a wrapper,
> then put into libguile.
> But now I found weinholt's Scheme industria lib, which contains all
> mainstream crypto(not only digest) algorithm.
> http://weinholt.se/industria/manual/crypto.html#crypto

As mentioned on that page, there are some issues that apply to any
pure Scheme implementation:

> Beware that if you're using some of these libraries for sensitive
> data, let's say passwords, then there is probably no way to make
> sure a password is ever gone from memory. There is no guarantee that
> the passwords will not be swapped out to disk or transmitted by
> radio.

Libgcrypt provides a means to specify that some data should be stored
in secured memory, which will never be swapped to disk. Doing
something similar in Guile may be problematic, at least with a
Scheme-only implementation.

> So what's your opinion, guys?
> Would you prefer C implementation or Scheme way?

As gcrypt is mature, reimplementing it in either C or Scheme just for
Guile does not seem useful — on it's own.  An FFI wrapper or extension
benefits from upstream security and maintenance efforts.


If you have a particular interest in learning about crypto. algorithms,
by all means port or write your own implementation using whichever
language.  If you want it to have a Scheme interface, then Scheme
seems a logical choice to use.

If your goal is only to provide crypto. support to Guile programs,
then time is better spent providing a wrapper to the existing library.
 Concerns about adding an external dependency do not hold much weight
next to the advantages of directly using the library; “don't repeat
yourself”, and all that.

Perhaps you are aware that there an extension for gcrypt under
development, with modules for the hash and randomize functions:
<https://gitorious.org/gcrypt-guile/>.


Regards



reply via email to

[Prev in Thread] Current Thread [Next in Thread]