
Re: Cryptokit.Random unsuitable in cooperative multithreaded systems

On 23 Apr 2013, at 15:20, Vincent Bernardoff <vb@xxxxxxxxxxxxxx> wrote:

> On 23/04/2013 15:05, Anil Madhavapeddy wrote:
>>> Additionally, Vincent Bernardoff appears to have forked Cryptokit with
>>> the unmerged addition of SHA-512
>>> <https://github.com/vbmithr/cryptokit-sha512>.
>>>
>>> What's the status of this library? Is it part of Mirage? Are we
>>> forking it? Is it maintained?
>> We'll need a short-term Mirage fork to separate out the C bindings, but
>> should feed it back upstream in the long term.  Vincent, I'll leave the
>> SHA256 question to you.
> Hi.
> Yeah, at some point I needed SHA512 for a project, so I just merged all sha 
> code from Vincent Hanquez' ocaml-sha into cryptokit, calling that 
> cryptokit-sha512.
> What is the status ->
> A fork of cryptokit with sha512 added on it and slightly more efficient SHA C 
> code overall (like SHA512 faster than Xavier's implementation of SHA1!)
> Part of Mirage -> No
> Are we forking it -> No, AFAIK
> Is it maintained -> No more no less than the original cryptokit. It should 
> work the same as upstream cryptokit.
> That's about it. Ultimately, my "fork" could be merged into upstream, but I 
> fear this is yet another project where upstream do not care anymore.

Cryptokit's a pretty important project, particularly to Mirage.  If I remember 
right, it moved to the Forge after Sylvain took over maintainership.  The last 
release was June 2012, so it doesn't seem totally unmaintained.

For now, I'd suggest mirroring the upstream repo on GitHub to make it easier 
for us to use, and keeping a feature branch with SHA256.

For Mirage, we need to extract out the C functions (mainly for SHA) separately 
from the zlib bindings, and port the ones we want in 
mirage-platform/xen/runtime.  I would drop the zlib bindings until we get a 
chance to implement them in OCaml (about a day's work).  It's also not 
essential to have zlib in our libraries at present, except for SSH compression 
(which is optional).  SHA, however, is used in a lot of places.



