Hello everyone, my name is David Mercer, and after a few days of hanging out on the #haskell irc channel asking annoying questions about monads, and reading mailing list archives for a while, I'm pretty sure that this is the correct list to post this announcement/request for feedback and review from the Haskell community. I am currently nearly done with a library implementing the SHA-224/256/384/512 message digest algorithms, collectively often called SHA2, completely in Haskell. The initial motivation was a desire to compute SHA2 hashs in what was to have been my first Haskell program (this is instead). I looked around to see if perhaps there was a library, or at least a wrapper to some C/C++ crypto libraries SHA2 hash functions. Alas, all was naught (correct me if I missed something, please!), and at best the SHA1 code from darcs was uncovered (after a query on the cryptography mailing list), which is a pure Haskell SHA1 library. Digest.hs is a wrapper to OpenSSL's SHA1 functions, but would need to be updated to handle SHA2. So like any good programmer I started with the same API as Digest.hs, gleefully grabbed the shell of it, gpl and all, as it's infrastructure and crypto, and set to work. I have so far completed all of the non-stateful (pure and lazy!) portions of the FIPS 180-2 specification, up through section 6.2.1 inclusive, and step 1. only from section 6.2.2. That last is the tricky bit, where all of the stateful computation takes place and entropy is disturbed with prime number mixing and overflowing bit operations. It's only a few lines of the spec that I have remaining (aside from message length padding), and I intend to implement them as a monad. Unfortunately due to (in my opinion) silly laws in the United States, I have to say that only those resident in the list of countries found at the end of this message are supposed to click the link that's coming up and look at my source code. Silly because it can always be scanned overseas after hardcopy publication, and sillier yet again because for the last 5 years one can legally post encryption source code in the US online without logging who downloads it. The just require you to email the NSA with the url of publication (which I have done by the way). All of which is even sillier yet again because I'm only releasing message digest, and not actual high level encryption, source code. So although my webserver does not even keep access logs, presumably 'big brother' knows where to traffic sniff to watch who dowmloads what from where. If they want to. But I digress. The source code for this pre-release version of Shaskell for peer review is at: http://davidmercer.nfshost.com/projects/shaskell/shaskell.hs That address will also remain the permanent download url for released versions of the Shaskell library source code. Associated files and a local mirror of the (public domain and non-export controlled) FIPS 180-2 specification, in pdf format are at http://davidmercer.nfshost.com/projects/shaskell/ Comments, critiques, suggestions, fan mail, hate mail, monad tutorials, suggestions for publication venues and other thoughts on the source code or the abstract for the the eventual academic paper (in the above directory as well) are welcome and encouraged! Thanks a bunch in advance for any of your time or attention expended on this, and I look forward to contributing to the Haskell community! -David Mercer University of Arizona Tucson, AZ [dmercer@u.arizona.edu|radix42@gmail.com] PS Have the major Haskell distributions had to directly deal with crypto export control issues yet, or has it been dodged so far by using only wrapper libraries, as appears to be the case from what I've dug up so far? Thanks again!