[Cryptography] Use Linux for its security
Ron Garret
ron at flownet.com
Sat Oct 1 16:18:10 EDT 2016
On Oct 1, 2016, at 1:04 PM, Thierry Moreau <thierry.moreau at connotech.com> wrote:
> On 01/10/16 01:26 PM, Ben Laurie wrote:
>> On 28 September 2016 at 17:33, Ron Garret <ron at flownet.com> wrote:
>>>
>>> On Sep 28, 2016, at 6:20 AM, Ralf Senderek <crypto at senderek.ie> wrote:
>>>
>>>> On Tue, 27 Sep 2016, Jerry Leichter wrote:
>>>>
>>>>> Not.
>>>>
>>>> Everyone who complains about this situation should have asked himself:
>>>> "When did I last donate my time and effort to essential code review?"
>>>> (including efforts to reduce complexity).
>>>
>>> I’m working on reducing complexity every single day: https://sc4.us/
>>
>> Better drop jquery, then!
>
> Indeed, for any seriously security-minded web-enabled application.
>
> Client-side logic is incompatible with a self-defense strategy for an http server application.
Just to be clear, SC4 is not an HTTP server application, it’s a client-side application. It just happens to be written in Javascript and uses a browser for a GUI, but different implementations are possible. There’s already a command-line implementation written in Python, and implementations in other languages would not be hard to do. It’s only about 3 kLOC (and a third of that is TweetNaCl) so it’s pretty easy to port.
There is a version of SC4 that uses a server to distribute keys, but that’s optional.
rg
More information about the cryptography
mailing list