[13758] in cryptography@c2.net mail archive
Re: LibTomNet [v0.01]
daemon@ATHENA.MIT.EDU (tom st denis)
Tue Jul  8 12:43:58 2003
X-Original-To: cryptography@metzdowd.com
Date: Mon, 7 Jul 2003 16:07:43 -0700 (PDT)
From: tom st denis <tomstdenis@yahoo.com>
To: EKR <ekr@rtfm.com>
Cc: cryptography@metzdowd.com
In-Reply-To: <kj8yraym45.fsf@romeo.rtfm.com>
--- Eric Rescorla <ekr@rtfm.com> wrote:
> [Standard rant follows... :)]
> I'm trying to figure out why this is a good idea even in principle.
Maybe it's just me but SSL is overly complicated.  I've been dabbling
with crypto since I was sixteen.  I've written several popular libs
already [LibTomCrypt and LibTomMath] so while I'm not a PhD in crypto I
think I'm fairly competent enough to sit down and implement an
algorithm per specs [to a limit].
Two weeks ago I sat down to learn how to code my own SSL lib [key on
being small].  Suffice it to say after reading the 67 page RFC for SSL
3.0 I have no clue whatsoever how to implement SSL.  
The RFC looks like it was written by a member of the ACLU and done at
an hourly rate of some sort.  It contains no test vectors, no sample
source code and generally is not enough information to code a compliant
SSL protocol.
So I wrote LibTomNet.  It provides exactly what I wanted and is very
simple to understand and work with.
> I've seen <100k SSL implementations and that included the ASN.1
> processing for certs. I would imagine that one could do a compliant
> SSL implementation that used fixed RSA keys in roughly the same
> code size as your stuff.
My 64KB demo includes the server, the client, all the crypto [including
a full RSA implementation] and the LibTomNet protocol.  I could make
the demo smaller by manually trimming LibTomCrypt.
Not only is my code way smaller than a compliant SSL library but it is
also simpler.  There are only eight functions in LibTomNet and of
LibTomCrypt you only need a half dozen at most [set up the prng, RSA key
gen, export/import].  In other words my code is [should be] very easy to
work with since there is a minimum of clutter to get in the way.
I mean just download a copy [v0.03 is the latest] and check out the
demo [demos/ex1.c]!
At any rate LibTomNet is not an SSL replacement.  It's a library for
developers who need simple to work with secure sockets.
Tom
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com