On Thursday, March 17, 2016 at 8:27:33 PM UTC, Naiyuan Chiang wrote: > > > Hi, > > I am working in United Technologies Research Center (UTRC), and currently > I am interested in using Julia for my researches. > According to the IT support of UTRC, I wonder if the distribution of > Julia comes with certain packages, e.g. Crypto, by default. > My understanding is no, but an official reply can help us to accurately > identify the ECCN regulations for Julia. > > My IT support's original words are "Julia appears to be open source, but > does have at least one package that uses SSL (Crypto, see > *http://pkg.julialang.org/* <http://pkg.julialang.org/>). So without the > packages, the language would likely be 5D992, but is open source, so should > be not subject to the regulations. If the language comes with the Crypto > package by default, then the distribution would be considered 5D002 and we > would need to ask about license exception TSU to treat it otherwise." >
While not an "official" reply* I'm fairly sure there is not crypto, and see no good reason there should be, and can't find it in Julia. There is no reason for Julia to have crypto, since it is a language, and as you say Crypto can be and is a package you can use. Others include MbedTLS <http://github.com/JuliaWeb/MbedTLS.jl>, GnuTLS <http://github.com/JuliaWeb/GnuTLS.jl>. I would even think it is inappropriate [for any language] to include as you gave a reason.. There would only be downsides and no upside as you can always just use a library. The trend has been to reduce (and add to..) the standard library, but taking some features out of it and putting into several packages. See also Julia-lite branch that tries to finish that policy. * I've been following Julia for a long time (at least since 2014), but I'm not a major contributor/anywhere close to one of the key people. I have made some minor contributions, even to crypto related package.. I think I would know if I'm wrong. Please if anyone "official" or major developer can confirm, at least the way I'm testing this (and rerun), please do. Just to be sure I checked as thoroughly as I can think of: I searched for "crypt", "SSL" and "TLS" (and some more strings) in the Julia standard library in this way (and came up empty really): find /usr/share/julia/base/ |xargs grep SSL |less One "match": /usr/share/julia/base/docs/helpdb.jl:cryptographic applications (Knuth, Seminumerical Algorithms). https://en.wikipedia.org/wiki/Primality_test [ing] is just basic math, what is going on there, while useful for crypto, also for other things, and is a false alarm: isprime(::Integer) doc""" isprime(x::BigInt, [reps = 25]) -> Bool Probabilistic primality test. Returns `true` if `x` is prime; and `false` if `x` is not prime with high probability. The false positive rate is about `0.25^reps`. `reps = 25` is considered safe for cryptographic applications (Knuth, Seminumerical Algorithms). Just in case, I also looked out for where isprime is used: /usr/share/julia/base/gmp.jl: ndigits, promote_rule, rem, show, isqrt, string, isprime, powermod, /usr/share/julia/base/gmp.jl:isprime(x::BigInt, reps=25) = ccall((:__gmpz_probab_prime_p,:libgmp), Cint, (Ptr{BigInt}, Cint), &x, reps) > 0 False alarm (Task related file): /usr/share/julia/base/task.jl:## basic task functions and TLS Julia doesn't come with packages by default (except for separate JuliaBox project, and I doubt crypto is bundled there,.). It does have a math related library. The closest I can think of there is the non-crypto-appropriate MersenneTwister PRNG. const GLOBAL_RNG = MersenneTwister() RandomDevice(unlimited::Bool=true) = new(open(unlimited ? "/dev/urandom" : "/dev/random")) As you can see, there is also support for real random numbers, that the operating system gives you, but random numbers are not crypto; just a tiny building block used by e.g. crypto. There is even allegation, that the NSA made that such RNB biased/less secure.. so do not worry :) $ grep "TLS" /usr/include/julia/* /usr/include/julia/options.h:// #define CODEGEN_TLS /usr/include/julia/options.h:# define CODEGEN_TLS /usr/include/julia/uv.h: * That is, it may not be possible to create many TLS keys. False alarms ("TLS" there equals "Thread-local storage"): // (Experimental) codegen support for thread-local storage // #define CODEGEN_TLS /* Thread-local storage. These functions largely follow the semantics of * pthread_key_create(), pthread_key_delete(), pthread_getspecific() and * pthread_setspecific(). * * Note that the total thread-local storage size may be limited. * That is, it may not be possible to create many TLS keys. */ UV_EXTERN int uv_key_create(uv_key_t* key); UV_EXTERN void uv_key_delete(uv_key_t* key); UV_EXTERN void* uv_key_get(uv_key_t* key); UV_EXTERN void uv_key_set(uv_key_t* key, void* value); Even grepping the binary I came up empty: $ strings /usr/bin/julia |grep crypt $ strings /usr/bin/julia |grep SSL $ strings /usr/bin/julia |grep TLS I didn't grep the source code of Julia/the runtime. Shouldn't have to. Even if it had crypto, you would have to be able to use it from an API in the pure Julia standard library. I assume dependant projects, e.g. LLVM are ok, even if not, that caveat should apply to those too. Thanks, Nai-Yuan -- Palli.
