Let's talk about crypto library
This week, I will mention the crypto library, it is a recent addition in the unstable folder.
But let's quickly describe the 3 main folders for libraries shipped with EiffelStudio
- library : stable libraries made and maintained by Eiffel Software
- unstable/library : libraries made and maintained by Eiffel Software, but the interface may change in the future.
- contrib/library : libraries made and maintained by Eiffel users, Eiffel Software acts mainly as a distributor here.
Typically the crypto library is part of the "unstable" set of libraries, because the author may want to redesign some interface to match future needs. However, it is pretty stable for an unstable library.
So what is this "crypto" library?
This is a simple encryption library providing common hashing, salt, and hmac components.
It was first introduced with EiffelStudio 7.3 as "message_digest" library with MD5 class, and later renamed as "crypto" in 13.11 with addition of SHA1, SHA256, HMAC, BCRYPT ...
It is built to be simple and small library for very common need in encryption.
Initially inspired by the eel library (contribution from Colin LeMahieu, see https://svn.eiffel.com/eiffelstudio/trunk/Src/contrib/library/text/encryption/eel ), but eel is not that simple to use, and has dependencies that are not needed for most hashing needs.
crypto currently includes:
- hashing: MD5, SHA1, SHA256, BCRYPT
- hmac: HMAC_MD5, HMAC_SHA1, HMAC_SHA256
- salt: SALT_XOR_SHIFT_64_GENERATOR (based on xor shift 64 algo) , SALT_DEVELOPER_RANDOM_GENERATOR (based on RANDOM class)
- encrypt password in database (for instance using BCRYPT)
- hash computation (MD5, SHA1, ...)
- to implement various protocol such as OAuth
hashing computation (or message digest)
- It is possible to call several time `update_from_string
- It is also possible to update from a file using
update_from_io_medium (a_file: FILE), and other kind of update_from_...(see https://svn.eiffel.com/eiffelstudio/trunk/Src/unstable/library/text/encryption/crypto/hashing/message_digest.e for interface)
- See the
MESSAGE_DIGESTinterface for various kinds of output: digest_as_string: STRINGand digest: SPECIAL [NATURAL_8]
- For other hashing such as SHA1, SHA256, this is very similar code, just use
Note that to use the XOR_SHIFT_64 salt generator, code should be
- you can check the associated "tests" project to see various scenari
Where can I find this library ?
- From the repository: https://svn.eiffel.com/eiffelstudio/trunk/Src/unstable/library/text/encryption/crypto
- From Eiffel Studio installation: $ISE_LIBRARY/unstable/library/text/encryption/crypto
I hope you found this post interesting to discover quickly the crypto library.
Let's talk about another Eiffel library in about one week.
In the link below, there is information leading one to believe that SHA-2 is now the preferred specification, where SHA-1 has been shown to have flaws.
Will there be code to support SHA-2? Also, it appears from the chart near the end of the article, there is an SHA-3 as well.
"Crypto" is providing SHA-1 and SHA-256 (whish is a SHA-2)
Indeed SHA-1 is not very safe, however it is still used for various purpose. "Crypto" is providing SHA-1 and SHA-256 (whish is a SHA-2) And so far, no SHA-3 is planned for 'crypto', however contribution is welcome, and we'll be happy to integrate any new hashing class.
I just noticed the SHA256 is the SHA-2 in one form. Thanks for the feedback.