Hi SJain There is no meaningful difference. It doesn't matter if you have a write-able text file or a write-able binary - yes of course text is easier to edit than binary, but that is security by obscurity at best (which is not security). All meaningful cryptographic algorithms are designed to not be weak even if you know everything about the running system - except the encryption keys/parameters, that is. Algorithms which derive their security from an attacker not knowing their inner workings are again basing their hopes on security by obscurity, which is an illusion.
You talk about the security of a running system. If a malicious actor has access on a system, be it with an account which has more permission rights than it should have (or ways to break out of those restrictions), or even physical access, then nothing can stop an determined attacker. You already lost when the attacker obtained this level of access and you cannot trust the system anymore (= you should wipe and re-install it). A main problem with crypto is not weaknesses in the algorithms (though such are hard to find, and sometimes only found by mathematicians after many years of analysis), but often implementations have mistakes or the programmer didn't understand the use of the algorithm correctly and missed some fundamental detail. A language which makes understanding of the implementation easier to grasp through having less language concepts, shorter code to read and understand, and less "accidental complexity" (complexity stemming from the implementation and not the task, e.g. manual memory management) will be easier to check for implementation mistakes and easier to correct them. So from that aspect, I think PicoLisp is probably better fitted than a complex C++ implementation with a lot of accidental additional complexity. Another aspect is, that cryptographic computation is mostly numeric computation, and that is not really the strength and intention of PicoLisp. So with that in mind, PicoLisp is not so well suited for crypto calculations, especially if you want to optimize for performance - but not all crypto use cases desire performance, so it depends. Regarding blockchain.. well the sole purpose of blockchain is to operate a distribute database AND operate it by different people who actively mistrust another. This makes it somewhat suited for crypto currencies like bitcoin, but there is not really any other meaningful application. In nearly all real-world scenarios, people can agree on a single group to be the masters of a database and be trusted. Surely such a system warrants checks and balances, but still you can then setup a central database operated by a single actor, and this has just better performance, lower operating costs, lower maintenance costs, just easier and better in all aspects. We have this with all sorts of systems in private companies and on government levels, and even on international agreed level even when the member parties not trust each other but trust an institute they operate together and keep each each other in check all the time. So in my humble opinion, any real world application of blockchain technology outside of anti-governmental currency is complete bullshit and usually just a scheme to get money from fashionable investors and computer-illiterate governments. Or a pet project for developers to feel clever about themselves while wasting intelligence and energy on stock market games instead of increasing quality of life for humanity. Some believe they can do meaningful blockchain applications. I think they're wrong. But even those people are completely dominated by get-rich-quickly-schemers, see this twitter link and it's discussion by insiders: * https://twitter.com/jonsyu/status/1389635626698297344 o tl;dr: it's all just scammers and inside traders. * https://news.ycombinator.com/item?id=27061700 o tl;dr: confirm. Kind regards, - beneroth On 21.05.21 18:43, SJain wrote: > There was a mail regarding picoLisp for blockchain. I am No expert in > software, but I would have thought a compiled language with > encryption, with full source code available, would be a more secure > application than a interpreted language, requiring source code in > readable and writable text file, such as picoLisp, despite all it's charm. > I would appreciate any thoughts on this. > Regards, > > SJain > India
