Re: Adding standalone RSA code

From: Richard Coleman (rcoleman_at_criticalmagic.com)
Date: 12/10/04

  • Next message: Colin Percival: "Re: Adding standalone RSA code"
    Date: Fri, 10 Dec 2004 11:02:57 -0500
    To: Colin Percival <colin.percival@wadham.ox.ac.uk>
    
    

    Colin Percival wrote:
    > I'd like to add a new library for lightweight barebones RSA
    > computations, and associated commandline rsa-makekey, rsa-sign, and
    > rsa-verify utilities.
    >
    > To a certain extent, this duplicates existing functionality
    > (openssl), but I think my code has important advantages which justify
    > the duplication: 1. It is lightweight (around 2% of the size of
    > openssl), which may allow it to be used in memory-limited
    > environments, 2. It is far more auditable, due to its smaller size,
    > and 3. It is designed for security rather than performance; I made
    > certain design decisions which result in my code being rather slower
    > than openssl as a result of a desire to avoid potential attack
    > vectors.
    >
    > My reason for wanting to add this code is that I'm using it in
    > FreeBSD Update (and recently portsnap as well) and this is the first
    > step towards migrating that into the base system.
    >
    > Any objections?
    >
    > Colin Percival

    If the objective is to create a standard library for memory limited
    cryptography, then using elliptic curve cryptography would be more
    appropriate than RSA. But that may be too radical for most users.

    My primary concern about a new library is that as more applications use
    cryptography, the more openssl becomes a "sunk" cost. It's already
    there. So using an alternate library (even a small one) is an increase
    in memory utilization. Also, as Mark says, openssl is much more likely
    to grow hardware support for common crypto algorithms (like in the VIA
    chip).

    Just my random thoughts. Don't take this as a strenuous objection.

    Richard Coleman
    rcoleman@criticalmagic.com
    _______________________________________________
    freebsd-arch@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-arch
    To unsubscribe, send any mail to "freebsd-arch-unsubscribe@freebsd.org"


  • Next message: Colin Percival: "Re: Adding standalone RSA code"