Date: Fri, 10 Dec 2004 11:02:57 -0500 From: Richard Coleman <rcoleman@criticalmagic.com> To: Colin Percival <colin.percival@wadham.ox.ac.uk> Cc: freebsd-arch@freebsd.org Subject: Re: Adding standalone RSA code Message-ID: <41B9C8B1.2090600@criticalmagic.com> In-Reply-To: <41B92CF3.2090302@wadham.ox.ac.uk> References: <41B92CF3.2090302@wadham.ox.ac.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
Colin Percival wrote: > I'd like to add a new library for lightweight barebones RSA > computations, and associated commandline rsa-makekey, rsa-sign, and > rsa-verify utilities. > > To a certain extent, this duplicates existing functionality > (openssl), but I think my code has important advantages which justify > the duplication: 1. It is lightweight (around 2% of the size of > openssl), which may allow it to be used in memory-limited > environments, 2. It is far more auditable, due to its smaller size, > and 3. It is designed for security rather than performance; I made > certain design decisions which result in my code being rather slower > than openssl as a result of a desire to avoid potential attack > vectors. > > My reason for wanting to add this code is that I'm using it in > FreeBSD Update (and recently portsnap as well) and this is the first > step towards migrating that into the base system. > > Any objections? > > Colin Percival If the objective is to create a standard library for memory limited cryptography, then using elliptic curve cryptography would be more appropriate than RSA. But that may be too radical for most users. My primary concern about a new library is that as more applications use cryptography, the more openssl becomes a "sunk" cost. It's already there. So using an alternate library (even a small one) is an increase in memory utilization. Also, as Mark says, openssl is much more likely to grow hardware support for common crypto algorithms (like in the VIA chip). Just my random thoughts. Don't take this as a strenuous objection. Richard Coleman rcoleman@criticalmagic.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?41B9C8B1.2090600>