Tuesday, June 21, 2011

CryptoFace Digest Design Oops

Designing an interface for managing a library of cryptographic digests seems so easy, right?

Select a digest from a list, process data, get a hash... all there is to it, right?

WRONG!

While pulling in another digest provider, Botan, I found some items that did not fit into the simple model. Namely the configurability of some of the uncommon and new digest algorithms:

  • Customizable output size of the 3 Skein internal storage variants
  • Customizable "personalization" value of Skein
  • Custom number of rounds and output size for Tiger
  • ...
This is even without the notions of composing digests in various fashions, such as in parallel or in a Feistel scheme.

In light of this, I anticipate changing my mechanism for obtaining and enumerating digest implementations. Changes will likely include moving the enumeration of digests to more of a secondary feature, making the move to a set of 'well-defined' digest identifiers to be mapped from strings, and making way for parameterized construction of digests to accommodate more complex notions, including hash-based MACs/etc.

The change will not be without complication, however in light of analyzing the problem and the Botan library, I think I may be able to make some elegant structures possible for dealing with complex algorithms... at least with the Lua engine. An example set of structures could be:

-- Simple sized sha2 filter
x = Filter(SHA2(256))
-- HMAC
x = Filter(HMAC(SHA2(256),"KEY")
-- Complex chain of hashes
x = Filter(Parallel(SHA2(512), Skein(512,1024,"Personalization")))
-- Take the filter and stream file-to-file using ltn12
ltn12.pump.all(
  ltn12.source.file("SOURCEFILE"),
  ltn12.sink.chain(x, ltn12.sink.file("SOURCEFILE.hash")))

Tuesday, June 7, 2011

Review of "SQL Pocket Guide" by Jonathan Gennick

SQL Pocket GuideSQL Pocket Guide by Jonathan Gennick
My rating: 4 of 5 stars

The complexity of developing database queries with SQL is a challenge often requiring frequent documentation searches. The "SQL Pocket Guide" by Jonathan Gennick is a great converged reference for many common database implementation.

The best feature of this guide is its breadth of detail offered. It provides a high-level view of database structures and provides useful details for taking strategies available in one implementation and possibly using it in another database engine. An example of this are the references from custom database function naming of Oracle's "analytic functions" and DB2's "OLAP functions" to the standard's name of "windowing functions". This allows you to take the naming you are familiar with, have been taught, or overheard and refer to it using that name and finding an appropriate redirection.

If you find that you are working with many different databases or want a quick reference to see if a given structure is available in a given database implementation, this guide is for you. Need a list of common data types for a category of data type: this guide has it. Need the details on dealing with times and dates: this guide has a good 20 pages on it. Even if it may not have all the tiny details you may need on a given topic, it can be a compass for finding your way through detailed documentation to what you want to find out.

The eBook format of this book was provided free through O'Reilly's Blogger Review program, you can purchase the book from the O'Reilly book store at: http://oreilly.com/catalog/0636920013471

You can support this blog by purchasing the book through Amazon at: SQL Pocket Guide (Pocket Guides)

View all my GoodReads reviews