Re: Workable encryption in Tcl??

From: Andreas Kupries (akupries_at_shaw.ca)
Date: 07/31/04 

{Path: bluepeak.shaw.ca!not-for-mail
Date: Sat, 31 Jul 2004 05:27:54 GMT

Geoff Caplan <geoff@variosoft.com> writes:

> ActiveTcl for Windows may be batteries included, but it doesn't
> include a single secure cypher that I can discover. I presume that
> this is because of the bizarre US export regulations, but other
> communities have got around this by locating the restricted code on
> European servers...
>
> The Tcllib docs mention an RC4 library, but this seems to be missing
> in both the Active State and the sourceforge distros.

RC4 was only recently added to the tcllib CVS and is therefore not in
the latest tcllib releases (1.6, 1.6.1). The docs you have seen [*]
however are tracking the CVS head of Tcllib, and thus show it already.

[*] I assume that you talk about http://tcllib.sf.net/doc/index.html

That being said ActiveState just released ActiveTcl 8.4.7.0. As this
also tracks the head of tcllib relatively closely this also includes
RC4 now.

        http://www.activestate.com/Tcl.plex?_x=1

 
> There is a Windows Blowfish binary in Kitten, but the version number
> is 0.1, there appears to be no documentation and the author is
> uncredited. I can't use this as a mission critical library...
>
> Finally, there is Trfcrypt. This appears to be an abandoned personal
> project (site last updated in 2001) and the only Windows binary I can
> find is for Win95. It uses the MS C compiler, so to compile it, I
> would have to find and download the .Net SDK, the MS Platform SDK and
> figure out how to get the C++ compiler working (I don't have C skills)
> - all in the hope that the code will work with more recent and future
> Windows releases...

Not updating does not mean abandoned. Ok, it definitely has not been
attended to in a long time. My time is finite, like for all of us. It
should be updated to the newest TEA build system at least. And get
Rijndael aka AES. That being said it should still compile.

> There are links to one or two other projects but they all seem to be
> dead or depreciated.
>
> I am aware of the tls OpenSSL library, but SSL is overkill for this
> project and will add needless complexity. All I need is a standard

Sure ?

Using it also means that you are using a _standard_ encryption
protocol security people are familiar with.

If your project is reviewed for security, and given your description
as mission critical, I would definitely _expect_ such a review, then
it will most likely be _much_ easier to get approval for a security
module based on known standards than something homegrown.

> symmetric cypher.

 
> All rather discouraging. I'm beginning to get an inkling of why the
> profile of Tcl is so much lower than the other major dynamic
> languages... Other communities seem to put much higher priority on the
> accessibility, maintenance and documentation of mission-critical
> libraries - the contrast with PHP, for example, is stark! 

-- 
So long,
	Andreas Kupries <akupries@shaw.ca>
			<http://www.purl.org/NET/akupries/>
	Developer @	<http://www.activestate.com/>
-------------------------------------------------------------------------------
}