[erlang-questions] long term stability of zlib/crypto

Rory Byrne rory@REDACTED
Thu Feb 28 11:35:00 CET 2008


On Wed, Feb 20, 2008 at 06:16:22AM -0800, Lev Walkin wrote:
> 
> Joe, it seems that the roundtrip problem with zlib is a pure erlang
> problem; the world around us uses zlib quite extensively, without any
> hitches (except for IE6's https/gzip implementation). The bigger problem
> is encryption. You'd probably like a strong encryption to withstand
> a million years of crypto attacks to your collection of nudity. This
> means, today, that you'd better stick with AES-256 as a block cipher,
> with some asymmetric key schema on top of it. Perhaps, RSA-4096 would
> be sufficient. Furthermore, if you need the file container to have
> more or less standard file format so the future generations could read
> it you would need something like PKCS#12 wrapper around the
> key/cert pair, and so on and so forth.

Regarding the container, I did a partial implementation of PKCS#7 a
short while ago as part of a paypal module thing. It might help if
you choose to go with a pure erlang solution. The containers produced
appear to work against both openssl, and whatever paypal is using
(probably the bouncy castle implementation for java). In a nutshell
a PKCS#7 file will house public certs, asymmetric key, signatures 
and encrypted data in a standard way. 

I only wrote the parts that required a high level of stubbornness. 
The parts requiring intelligence - the rsa stuff, etc - come from 
unsupported functionality in the OTP ssl libraries.

Lots of caveats attached!!

Code at: http://code.google.com/p/erlpay/

Cheers,

Rory
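
The container described in the message above has a small, fixed outer layer: a PKCS#7 file is a ContentInfo whose contentType OID says which kind of payload (signed, enveloped, encrypted, ...) it holds. The following is an added example, not part of the original message and not code from erlpay; it is written in Python rather than Erlang, and the function names and sample bytes are constructed for illustration.

```python
# Added example: classify a DER-encoded PKCS#7 ContentInfo by its contentType OID.
# ContentInfo ::= SEQUENCE { contentType OID, content [0] EXPLICIT ANY OPTIONAL }
PKCS7_TYPES = {"1.2.840.113549.1.7.%d" % (i + 1): n for i, n in enumerate(
    ["data", "signedData", "envelopedData", "signedAndEnvelopedData",
     "digestedData", "encryptedData"])}  # content types defined by PKCS#7

def read_tlv(buf, pos=0):
    # Parse one definite-length TLV and return (tag, value, next_pos).
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first == 0x80:
        raise ValueError("indefinite length (BER); re-encode as DER first")
    length = first
    if first > 0x80:  # long form: low 7 bits give the number of length octets
        n = first & 0x7F
        if n > 4 or pos + n > len(buf):
            raise ValueError("bad length field")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    # The first octet packs the first two arcs; later arcs are base-128.
    if not body or body[0] & 0x80 or body[-1] & 0x80:
        raise ValueError("unsupported or malformed OID")
    first = min(body[0] // 40, 2)
    arcs, acc = [first, body[0] - 40 * first], 0
    for b in body[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def pkcs7_content_type(der):
    tag, seq, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected a single outer SEQUENCE")
    tag, oid, pos = read_tlv(seq)
    if tag != 0x06:
        raise ValueError("contentType is not an OID")
    dotted = decode_oid(oid)
    has_content = pos < len(seq) and seq[pos] == 0xA0  # [0] EXPLICIT wrapper
    return PKCS7_TYPES.get(dotted, "unknown:" + dotted), has_content
# Constructed sample: signedData OID plus an empty [0] wrapper (not a real signature).
SAMPLE = bytes.fromhex("300d" "06092a864886f70d010702" "a000")
```

Rejecting indefinite-length input is deliberate: tools that stream PKCS#7 output may emit BER, and a length-unaware reader would misjudge where the container ends.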



