r3wp [groups: 83 posts: 189283]
  • Home
  • Script library
  • AltME Archive
  • Mailing list
  • Articles Index
  • Site search
 

World: r3wp

[Red] Red language group

Dockimbel
9-Nov-2011
[3747]
Some code for hashing and encrypting could be borrowed from PuTTY. 
Anyway, those algorithms are well documented and some of them even 
have public domain implementations (like MD5).
Geomol
9-Nov-2011
[3748x3]
The RFC for TLS (Transport Layer Security) is 100 pages:
http://tools.ietf.org/html/rfc5246


Is it necessary to implement TLS these days, or is its predecessor 
(SSL) enough?
Too bad, it's such a load to implement some security. :/
Would it make more sense to implement such protocols in REBOL, which 
may be easily portable to Red? (Instead of doing a C implementation.)
Dockimbel
9-Nov-2011
[3751x2]
I think it would be doable to implement SSL/SSH in REBOL, but it's 
a big task (at least for SSL).
What would be cool would be to implement all the low-level encryption 
routines in Red/System.
Geomol
9-Nov-2011
[3753]
Have you looked at the way, REBOL do it? The REBOL/SDK at least have 
some of that security.
Dockimbel
9-Nov-2011
[3754]
REBOL provides all the low-level encryption routines required, but 
they are coded in C.  REBOL SSL implementation is also done in C 
(by Holger IIRC).
Geomol
9-Nov-2011
[3755]
ok
Dockimbel
9-Nov-2011
[3756]
The REBOL SSL port might also be using some REBOL code for higher 
level protocol support, but it's not accessible, so we can't check 
that.
Pekr
9-Nov-2011
[3757]
IIRC, Cyphre once said, that idea for R3 was to add some port or 
other low level encryption functionality, and that https etc would 
be done in REBOL level, using thow low-level facilities ...
BrianH
9-Nov-2011
[3758x2]
Geomol, the recent exploits of SSL don't affect TLS (at least 1.1 
iirc). So yes, we need to implement TLS, but maybe not SSL.
Has the PuTTY code been updated to patch the latest exploits?
Dockimbel
9-Nov-2011
[3760]
Some serious bugs seem to have been fixed in the latest release: 
http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
Kaj
9-Nov-2011
[3761x5]
Including PolarSSL in Red would not only require every Red program 
to provide the library source code, it would require every Red program 
to be open source. That's unacceptable for business purposes
As far as I know, OpenSSL is the only TLS implementation under BSD, 
but it's the old BSD licence with advertising clause. This makes 
it incompatible with GPL software such as libraries one may want 
to use with Red, if they don't have an explicit exception for OpenSSL
Much GPL software that is relevant has that exception, so it's a 
limited problem
From a technical standpoint, Jaromil has advised me that GNU TLS 
is of higher quality. It is LGPL, so it's acceptable as long as you 
agree to provide the source code to GNU TLS only, as with many other 
libraries
It would be great to eventually implement many libraries in Red, 
but this is a gargantuan task, and security code is very specialised 
and critical
Andreas
9-Nov-2011
[3766]
GnuTLS is indeed of _much_ higher quality than OpenSSL. It is not 
as widespread, though.
Dockimbel
9-Nov-2011
[3767]
Kaj: you're right, I misunderstood the extend of article 2.4 in License 
Exception. We can't use it.
Kaj
9-Nov-2011
[3768]
Apparently, PuTTY has its own BSD SSL implementation, so that's interesting. 
But it's not structured as a library, but entirely integrated in 
the other protocols, seems somewhat limited and lacking in portability. 
The only way to use it would be to rip out the source code and make 
a portable library out of it, or reimplement it in Red
Geomol
9-Nov-2011
[3769]
Kaj, can you see, if it's a SSL implementation or just SSH? Or is 
SSL there by automatic, when making SSH implementations?
Kaj
9-Nov-2011
[3770]
There is hardly any talk of SSL, but of the separate authentication 
methods that it comprises. Indeed, SSH implies what is called SSL, 
so it's in there in some form
Geomol
9-Nov-2011
[3771]
Thanks!
Kaj
9-Nov-2011
[3772]
It could be completely entangled with the SSH protocol, but since 
they also do SFTP, one can hope it is somewhat abstracted internally
Andreas
9-Nov-2011
[3773x2]
SFTP is basically nothing more than a set of specific commands sent 
over SSH.
That alone won't require much abstraction, I fear.
Kaj
9-Nov-2011
[3775]
Ah, right, so it could still be entangled. I was thinking of FTPS
Dockimbel
9-Nov-2011
[3776]
AFAIK, SSL and SSH are different communication protocols that rely 
on common hashing and encryption algorithms on the low-level layer.
Kaj
9-Nov-2011
[3777]
Yes, it doesn't seem to be called SSL within SSH, but there is talk 
of TLS
Andreas
9-Nov-2011
[3778x3]
Didn't PuTTY also do telnet/ssl?
Hmm, seems it doesn't.
Well, then there's probably hardly anything SSL/TLS-specific in there, 
except for some common crypto primitives as Doc mentioned.
Geomol
9-Nov-2011
[3781]
There is a "telnet.c" in the PuTTY sources.
Dockimbel
12-Nov-2011
[3782x3]
I have just bricked my Sheevaplug by doing a simple "apt-get upgrade"...:-(
No way to get access to it anymore even using the USB direct connection.
So I need to find a suitable ARM emulator now to be able to finish 
the ARM port...
GrahamC
12-Nov-2011
[3785x2]
No warranty?
Seem to be several howtos on how to unbrick a sheevaplug
Dockimbel
12-Nov-2011
[3787x2]
Warranty: I don't think that warranties apply on "bricked" hardware, 
anyway, I never rely on warranties.
I will see if I can setup QEMU to emulate an ARM and install a suitable 
Linux image over it.
Luis
13-Nov-2011
[3789x2]
Can not be reflashed ?
http://myubuntublog.wordpress.com/tag/sheevaplug/
Dockimbel
13-Nov-2011
[3791x3]
Yes it can, but the procedure is long and complicated. It also requires 
a USB stick that will be recognized by the sheeva.
I can't get the QEMU network emulation to work at all...
Just spent my whole day trying to make QEMU work fully, I'm giving 
up that option for now. I will try tomorrow to get my sheeva back 
to life.
Kaj
13-Nov-2011
[3794x2]
Never trust update systems
I've been working on a GoboLinux upgrade for the past days after 
nuking my installation, and there are all sorts of problems
Dockimbel
13-Nov-2011
[3796]
Got networking partially working with QEMU, let's see if it's enough 
to setup the tools I need.