On Friday, March 18, 2016 at 9:39:11 AM UTC, Páll Haraldsson wrote: > > > On Thursday, March 17, 2016 at 8:27:33 PM UTC, Naiyuan Chiang wrote: >> >> >>
> There is no reason for Julia to have crypto, since it is a language, and > as you say Crypto can be and is a package you can use. Others include > MbedTLS <http://github.com/JuliaWeb/MbedTLS.jl>, GnuTLS > <http://github.com/JuliaWeb/GnuTLS.jl>. I would even think it is > inappropriate [for any language] to include as you gave a reason.. There > would only be downsides and no upside as you can always just use a library. > > Just to be sure I checked as thoroughly as I can think of: > > > I searched for "crypt", "SSL" and "TLS" (and some more strings) in the > Julia standard library in this way (and came up empty really): > > find /usr/share/julia/base/ |xargs grep SSL |less > > One "match": > Full disclosure. I searched even more thoroughly* e.g. for "AES", "RC4", "RC5" and "SHA" (but only found "SHA", that isn't *really* "crypto"(?) and not really implemented by Julia it seems): /usr/share/julia/base/pkg/entry.jl: old == sha1 || error("$pkg v$ver SHA1 changed in METADATA – refusing to publish") /usr/share/julia/base/pkg/entry.jl: # TODO: check that SHA1 isn't the same as another version function publish(branch::AbstractString) [..] sha1 = readchomp(joinpath("METADATA",path)) if Git.success(`cat-file -e origin/$branch:$path`, dir="METADATA") old = Git.readchomp(`cat-file blob origin/$branch:$path`, dir="METADATA") old == sha1 || error("$pkg v$ver SHA1 changed in METADATA – refusing to publish") end https://en.wikipedia.org/wiki/Secure_Hash_Algorithm "The *Secure Hash Algorithm* is a family of cryptographic hash functions <https://en.wikipedia.org/wiki/Cryptographic_hash_function> published by the National Institute of Standards and Technology <https://en.wikipedia.org/wiki/National_Institute_of_Standards_and_Technology> (NIST) as a U.S. <https://en.wikipedia.org/wiki/United_States_of_America> Federal Information Processing Standard <https://en.wikipedia.org/wiki/Federal_Information_Processing_Standard> (FIPS)" is not used to ENcrypt (or decrypt), but for other things. I was testing Julia 0.4.1, and testing can only prove things are there, not absence of stuff. Still I think I looked for the important stuff (in the right places) and as I said there is just no good reason to have crypto, strong or any kind in Julia. SHA seems to be implemented by git (or other external commands, see below), not Julia, but git is a dependency of Julia (the package system, not sure you can do without it, can in theory). I didn't dig much into SHA matches I found as I do not think important. Here preinstalled(?) Unix (didn't check what happens on Windows) external command "sha1sum" is only USED: /usr/share/julia/base/random.jl: seed = hash(seed, parse(UInt64, readall(pipeline(`ifconfig`, `sha1sum`))[1:40], 16)) ## make_seed() # make_seed methods produce values of type Array{UInt32}, suitable for MersenneTwister seeding function make_seed() try return rand(RandomDevice(), UInt32, 4) catch println(STDERR, "Entropy pool not available to seed RNG; using ad-hoc entropy sources.") seed = reinterpret(UInt64, time()) seed = hash(seed, UInt64(getpid())) try seed = hash(seed, parse(UInt64, readall(pipeline(`ifconfig`, `sha1sum`))[1:40], 16)) end return make_seed(seed) end end -- Palli.
