Hello everyone, my name is David Mercer, and after a few days of hanging out
on the #haskell irc channel asking annoying questions about monads, and reading
mailing list archives for a while, I'm pretty sure that this is the correct
list to post this announcement/request for feedback and review from the Haskell
I am currently nearly done with a library implementing the SHA-224/256/384/512
message digest algorithms, collectively often called SHA2, completely in
Haskell. The initial motivation was a desire to compute SHA2 hashs in what was
to have been my first Haskell program (this is instead). I looked around to
see if perhaps there was a library, or at least a wrapper to some C/C++ crypto
libraries SHA2 hash functions. Alas, all was naught (correct me if I missed
something, please!), and at best the SHA1 code from darcs was uncovered (after
a query on the cryptography mailing list), which is a pure Haskell SHA1 library.
Digest.hs is a wrapper to OpenSSL's SHA1 functions, but would need to be
updated to handle SHA2. So like any good programmer I started with the same
API as Digest.hs, gleefully grabbed the shell of it, gpl and all, as it's
infrastructure and crypto, and set to work.
I have so far completed all of the non-stateful (pure and lazy!) portions of
the FIPS 180-2 specification, up through section 6.2.1 inclusive, and step
1. only from section 6.2.2. That last is the tricky bit, where all of the
stateful computation takes place and entropy is disturbed with prime number
mixing and overflowing bit operations. It's only a few lines of the spec that
I have remaining (aside from message length padding), and I intend to
implement them as a monad.
Unfortunately due to (in my opinion) silly laws in the United States, I have to
say that only those resident in the list of countries found at the end of this
message are supposed to click the link that's coming up and look at my source
code. Silly because it can always be scanned overseas after hardcopy
and sillier yet again because for the last 5 years one can legally
source code in the US online without logging who downloads it. The just require
you to email the NSA with the url of publication (which I have done by
All of which is even sillier yet again because I'm only releasing
and not actual high level encryption, source code. So although my
not even keep access logs, presumably 'big brother' knows where to
to watch who dowmloads what from where. If they want to. But I digress.
The source code for this pre-release version of Shaskell for peer review is at:
That address will also remain the permanent download url for released versions
of the Shaskell library source code. Associated files and a local mirror of the
(public domain and non-export controlled) FIPS 180-2 specification, in
are at http://davidmercer.nfshost.com/projects/shaskell/
Comments, critiques, suggestions, fan mail, hate mail, monad
tutorials, suggestions for publication venues and other thoughts on
the source code or the abstract for the the eventual academic paper
(in the above directory as well) are welcome and encouraged!
Thanks a bunch in advance for any of your time or attention expended
on this, and I look forward to contributing to the Haskell community!
University of Arizona
[[hidden email]|[hidden email]]
PS Have the major Haskell distributions had to directly deal with
crypto export control issues yet, or has it been dodged so far by
using only wrapper libraries, as appears to be the case from what I've
dug up so far? Thanks again!
Libraries mailing list
David Mercer <[hidden email]> writes:
> PS Have the major Haskell distributions had to directly deal with
> crypto export control issues yet, or has it been dodged so far by
> using only wrapper libraries, as appears to be the case from what I've
> dug up so far? Thanks again!
The current provenance of all the major Haskell compilers, and most of
the minor ones, is outside the US.
the main exceptions being:
Eager Haskell US
But in any case, afaik none of the compilers includes a crypto library
by default. Dominic Steinitz (UK again) distributes hs-crypto
Libraries mailing list
On 11/21/05, Malcolm Wallace <[hidden email]> wrote:
> David Mercer <[hidden email]> writes:
> > PS Have the major Haskell distributions had to directly deal with
> > crypto export control issues yet, or has it been dodged so far by
> > using only wrapper libraries, as appears to be the case from what I've
> > dug up so far? Thanks again!
> The current provenance of all the major Haskell compilers, and most of
> the minor ones, is outside the US.
> ghc UK
> Hugs UK
> nhc98 UK
> hbc Sweden
> Cayenne Sweden
> Chameleon Singapore
> UHC/EHC Netherlands
> yhc UK
> the main exceptions being:
> jhc US
> Eager Haskell US
> But in any case, afaik none of the compilers includes a crypto library
> by default. Dominic Steinitz (UK again) distributes hs-crypto
Malcolm, thanks very much for that list, I wasn't sure where all of
the major Haskell compiler/interpreter distributions were based, and I
actually think that that's the single longest list of same that I've
seen on the Net so far (unless I just missed in on the haskell.org
wiki and google or something!) I wouldn't want to break a
distributions policy regarding freedom of exportability by my code's
inclusion, but I'll admit that having it in the Hierarchical Libraries
some day would be nice. And I can't help having been born a 'US
Person', as they put it!
In any event, as soon as we get this last bit of code finished and
have it all converted into a Literate Haskell paper in the appropriate
TeX format, I'm going to submit that for publication where ever seems
most appropriate for such a thing. Suggestions on that are very much
desired, as a matter of fact. At that point it can be scanned and
legally posted online via the Zimmerman/Bernstein carved publication
exception outside of the US. I can't believe this nonsense is still
required, but there it is.
Libraries mailing list
|Free forum by Nabble||Edit this page|