1997-01-09 - Re: [IDEA] Cypherpunks Super Computer (was Re: The Upcoming DES Challenge)

Header Data

From: Hal Finney <hal@rain.org>
To: fod@brd.ie
Message Hash: 8a7de316118b62c801d6a52d223c42b7b76fbbd84657d5260bbeaeee4e560fb3
Message ID: <199701092014.MAA00701@crypt.hfinney.com>
Reply To: N/A
UTC Datetime: 1997-01-09 20:20:00 UTC
Raw Date: Thu, 9 Jan 1997 12:20:00 -0800 (PST)

Raw message

From: Hal Finney <hal@rain.org>
Date: Thu, 9 Jan 1997 12:20:00 -0800 (PST)
To: fod@brd.ie
Subject: Re: [IDEA] Cypherpunks Super Computer (was Re: The Upcoming DES Challenge)
Message-ID: <199701092014.MAA00701@crypt.hfinney.com>
MIME-Version: 1.0
Content-Type: text/plain


From: "Frank O'Dwyer" <fod@brd.ie>
> However, what if there was a safe scripting language with bignum
> arithmetic and other cryptographic primitives, and what if
> lots of people ran a service that would accept scripts in 
> that language and respond with the answer?  Say, a Safe-TCL 
> interface to Peter Gutmann's cryptlib, running at idle 
> priority?  Sort of like a distributed batch queue, and also 
> a bit like the way jobs are (were?) submitted to Crays.  The 
> Cypherpunks Super Computer. It need not be significantly slower 
> than raw code if the primitives are high level enough.

A few years ago I coded up a TCL interface to Pr0duct Cypher's
PGPTOOLS library.  It did bignum arithmetic from the command line,
and also let you use MD5 and IDEA on files and buffers.  Unfortunately
I had a major disk crash and was never able to recover my last version,
and I never got back to it.

Safe-TCL has never gotten the scrutiny of Java, but IMO if it ever
does it will be found to suffer from its own flaws.  At this point
I think Java is farther along the path to safety.

I do like the idea of a widely available, installed, crypto-capable
scripting language.  This would be an ideal basis for trying out new
crypto protocols and algorithms, without having to write a whole program
from scratch.  We have been talking about setting up DC nets for years,
for example.  The concept is so simple as to be almost trivial.  But
the infrastructure is the hard part - dealing with the I/O issues, the
multiple architectures, all the configuration issues.

I suspect that Java, when it gets its security API, may be a good
candidate for this kind of system.  It's already got high level socket
I/O, and with a bignum package and some basic crypto primitives like
one way functions, you could do a lot with it.  You still have the
problem of trading off safety for utility, though.

Hal





Thread