tech-misc archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Modern cryptographic algorithms to netpgp, netpgpverify



Hi David,

Thanks for your mail.

To give some further background to these projects - netpgp has been in-tree since 2008 or 2009, and is based on some older code. It uses openssl for some functionality.

There have been 2 previous attempts to finish this project, and both have failed (for different reasons, and I'm not willing to go into the details).

Netpgp is the older code base, and is not up to current standards, there is a completely unnecessary json implementation in there, for example - and the architecture of it is weird, too, I will quite happily admit - look to its provenance for those reasons.

Netpgpverify was a from-the-ground-up rewrite in 2012 or so of simply the verification parts, and is much better, but could still do with some TLC.

On Mon, 31 Jul 2023 at 17:46, David Dudas <david.dudas03%e-uvt.ro@localhost> wrote:
I'm contacting you regarding this project
<https://wiki.netbsd.org/projects/project/netpgpverify/>, which I found on
the NetBSD project list. I would like to work on this as a study project
with the help of my university professor.

That's a great and laudable aim, but I suspect that the time for netpgp as a whole has passed. Everything in this space (for the last 10 years or so) has been focussing on ed25519, and the infrastructure which netpgp provides is not up to the task. These days, cryptography needs to be small and simple - netpgp does not provide that basis.

The description is pretty straightforward and I imagine there is not much
to say, but before starting to work on it I just wanted to ask if there is
any other information, guidelines or anything that could be useful and
relevant. Eventually a detailed description, or pointing out some files in
the source, or really anything that might be helpful.

I'm quite happy to answer questions, although the SCM history should provide you with most of the answers that you could seek. But I think the problems are more deep-rooted than just laying some newer methods on top of existing code. 

I've noticed there was another question regarding this project, without any
response, that's why I've added some other addresses to CC and I also would
like to ask if there is somebody who I can contact in case of some specific
situations, if really necessary.

My apologies, I missed that question.

Thank you in advance,
David Dudas

--
David-Patric DUDAS

Student

Informatică în limba română | Licență, anul III

Facultatea de Matematică și Informatică
0747319234
david.dudas03%e-uvt.ro@localhost
[image: facebook] <https://www.facebook.com/DudasDawid>

<https://www.hubspot.com/email-signature-generator?utm_source=create-signature>

Best,
Alistair 


Home | Main Index | Thread Index | Old Index