Over the past few releases in .NET, formerly .NET Core, there has been progress on making cryptographic primitives like AES, SHA, etc. better for developers to use. “Better” is an interesting point of conversation with cryptographic API design. To a developer, better may mean more throughput, fewer allocations, or simply a less cumbersome API. To a framework or library author, it means thinking about how developers will use, or mis-use, an API. Let’s look at AES encryption as it was in t...| Random Thoughts
In .NET Core 2.1 a small but well-received feature was the ability to “safely” allocate a segment of data on the stack, using stackalloc, when used with Span<T>. Before Span<T>, stackalloc required being in an unsafe context: unsafe { byte* data = stackalloc byte[256]; } The use of unsafe, along with the small number of APIs in .NET that could work with pointers, was enough to deter a lot of people from using it. As a result, it remained a relatively niche feature. The introduction of Span<T> n...| Random Thoughts
One of the nice things about .NET Core being open source is following along with some of the issues that people report. I tend to keep an eye on System.Security tagged issues, since those tend to be at the intersection of things that interest me and things I can maybe help with. A user filed an issue where .NET Framework considered a CMS valid, and .NET Core did not. This didn’t entirely surprise me. In the .NET Framework, the SignedCms class is heavily backed by Windows’ handling of CMS/...| Random Thoughts
Since C# 7 there have been a lot of point releases that contain all kinds of goodies. Many of them are performance focused, such as safe stack allocations using Span<T>, or interoperability with improvements to fixed. One that I love, but is not documented well, is some special treatment that ReadOnlySpan<byte> gets when its contents are known at compile time. Here’s an example of a lookup table I used to aid with hex encoding that uses a byte[]: private static byte[] LookupTable => new byte[] { (...| Random Thoughts
Visual Studio 2019 preview 2 was released a few days ago and I took the time to install it. Visual Studio itself is actually rather uninteresting to me, however the inclusion of the next C# 8 preview got my attention. I glanced at the feature highlights and posted “looks nice” on Twitter. Predictably, I got a few responses like “I’m not sure I like that”, and there is always a guarantee that if F# has a similar feature, an F# developer will appear and tell you F# has had this featur...| Random Thoughts
.NET Core 3.0 is tentatively set to include a new API for securely generating a random integer bound to a specific range. I won’t be shy in admitting that it was something I pushed for and made the initial attempt at implementing, though it’s unfair to say that I implemented it by myself given all of the outstanding feedback I got on the initial pull request (thanks Levi and Jeremy!) It’s been known for a while that System.Random shouldn’t be used when cryptographic randomness is requ...| Random Thoughts
.NET Core introduced FixedTimeEquals which I have personally found to be very helpful. It’s a small method, but given the kind of code I tend to write, I was writing it a lot from project to project, and am happy to see it in the box. This API is meant to prevent a timing side-channel when comparing two sequences of bytes. The goal is, the comparison should take the same amount of time regardless of the contents of the bytes, assuming they are the same length. This is often required when do...| Random Thoughts
Over the past few years I’ve started to sour on x86 architecture for just about everything. From servers, desktop, and mobile, I’ve long wished we had architectures competing with x86 at the high end. Fortunately, there are plenty of architectures out there. From ARM and ARM64, to MIPS, there are choices. There is one recent one that has been getting my attention lately, and I’ve thought it’s time to start diving into it. RISC-V RISC-V (pronounced “Risk Five”) is a fairly new arc...| Random Thoughts
There’s been some buzz lately about authenticated encryption. The buzz comes from some interesting issues in OpenGPG, and more recently the folks at Microsoft ...| vcsjones.dev
.NET Core 3 has new APIs for importing keys in different formats, let's look at the difference.| vcsjones.dev