On Mon, 2013-02-04 at 09:14 +0800, Daniel Hartwig wrote: > Hello > > On 3 February 2013 20:55, Nala Ginrut <nalagin...@gmail.com> wrote: > > As mentioned in another thread about digest algorithm support in Guile, > > my plan is use part of implementation of libgcrypt and make a wrapper, > > then put into libguile. > > But now I found weinholt's Scheme industria lib, which contains all > > mainstream crypto(not only digest) algorithm. > > http://weinholt.se/industria/manual/crypto.html#crypto > > As mentioned on that page, there are some issues that apply to any > pure Scheme implementation: >
If it's worthy, I can do some modification. > > Beware that if you're using some of these libraries for sensitive > > data, let's say passwords, then there is probably no way to make > > sure a password is ever gone from memory. There is no guarantee that > > the passwords will not be swapped out to disk or transmitted by > > radio. > > Libgcrypt provides a means to specify that some data should be stored > in secured memory, which will never be swapped to disk. Doing > something similar in Guile may be problematic, at least with a > Scheme-only implementation. > > > So what's your opinion, guys? > > Would you prefer C implementation or Scheme way? > > As gcrypt is mature, reimplementing it in either C or Scheme just for > Guile does not seem useful — on it's own. An FFI wrapper or extension > benefits from upstream security and maintenance efforts. > > > If you have a particular interest in learning about crypto. algorithms, > by all means port or write your own implementation using whichever > language. If you want it to have a Scheme interface, then Scheme > seems a logical choice to use. > Well, no ;-) > If your goal is only to provide crypto. support to Guile programs, > then time is better spent providing a wrapper to the existing library. > Concerns about adding an external dependency do not hold much weight > next to the advantages of directly using the library; “don't repeat > yourself”, and all that. > That's my aim, nowadays a language should provide md5/sha1 at least since they are very common. > Perhaps you are aware that there an extension for gcrypt under > development, with modules for the hash and randomize functions: > <https://gitorious.org/gcrypt-guile/>. > I have a similar project too: https://gitorious.org/nacre/libgcrypt-guile Write a lib-wrapper is another story, guys who needs more specific feature(efficiency/security) could use these packages from guildhall. But my opinion is to provide the common digest API in ice-9, many guys asked such a questions, and I suggested them use my libgcrypt-guile, but I can't answer why Guile doesn't has these common API. So I decide to add them. What do you think? > > Regards >
