Re: Scrypt - Linux crypting tool
From: Stachu 'Dozzie' K. (dozzie_at_dynamit.im.pwr.wroc.pl.nospam)
Date: Mon, 25 Jul 2005 13:12:36 +0000 (UTC)
On 24.07.2005, email@example.com <firstname.lastname@example.org> wrote:
>> > It can cipher from standard input, and/or output to stdout.
>> > Only a compiler (gcc) and standard libs are needed.
>> Which part of GCC is needed? C++ compiler? C compiler? ObjC or Fortran
>> compiler? And what are the "standard libs"? Is libc enough for it? Or
>> maybe I need libstdc++, OpenSSL or GMP?
>> I compiled the source, so I know less or more which libraries are
>> required, but next time try to be more precise.
> Sorry i was not clear, i use to work with gcc, and all Linux users may
> have it...by standard libs i mean the usual stdio, stdlib, unistd,
> string, etc...but thanks for the advice.
stdio.h, stdlib.h and unistd.h are _not_ libraries, they are headers.
Try `gcc -v *.c -o output'. All *.a and *.so files can be called
"libraries" (*.a files are in fact archives with object files, but this
can be called "library", too).
>> > The
>> > pseudo-random generator is a (very) simplified version of Mersenne
>> > Twister generator. Then the cipher algorithm apply a logical XOR on
>> > every byte of the file with a character of the hashed password, hence
>> > the operation is invertible, and the same function is used to cipher
>> > and uncipher. It can be described as a simple stream cipher.
>> As I said, are you competent enough to tell that the cipher/RNG is
>> secure and/or create secure cipher on your own?
> Uh...where did i tell that it was secure ?
When you told that "it should be enough for non-expert user".
>> And one more thing: I don't like the idea of reading password from
>> stdin. As a user I'd like to put program in the middle of a pipe or
>> something similar. Reading password from stderr would be IMO better, and
>> reading password directly from terminal would be the best. You can add
>> an option to give password on given filehandle to make scrypt more,
>> ermm, scriptable.
> I did not thought about that...as you see i have a lot to learn ;)
You need to write a lot of shell scripts, then you will catch all such
nuances while writting program instead of later testing.
-- Feel free to correct my English Stanislaw Klekot