Cryptographic applications for statistical software and data science

[jeroen]

I think the paper should take a high level, applied, introductory view to crypto. The technical details of implementing R bindings to a C library could go in a technical chapter or appendix. Far more interesting to JSS readers to understand how they can use this functionality. For example how you have used crypto hashes to anonymize datasets, and how you can use a random salt to make sure results incomparable to other datasets. Things like that.

Some ideas (feel free to edit/update):

• Concept of a one-way hash
• Explain how to store and verify passwords without storing them in plain text.
• Use of salt for password storage to prevent dictionary attack
• Use of salt for anonymizing (example from Oliver?)
• Show simple private key authorization
• Expose actual openssl key verification
• Eternal battle between cracking and finding better algorithms (i.e why not use md5 anymore)

[Ironholds]

You've got more experience with the JSS than I, but I imagine we should probably aim for "this is what this is, this is how it's useful to you". So, for each of those points; how is it useful for statisticians and researchers? How is it useful for package developers? I can see 1:4 as being useful for statisticians, and 5:6 as useful for developers (we could look at those packages that import digest at the moment as examples).

[jeroen]

Also there is no rule that the paper should only discuss a single package, that we wrote ourselves. We could very well make it a more general introduction to crypto in R, and also highlight functionality from Simon's PKI or hadley's secure.

[Ironholds]

Good point! They'd be worth including.

[Ironholds]

Okay, I'm going to try and get a start on the outline this weekend. Will throw into a sub-directory when I've got something!

We should totally adapt whatever we come up with into vignettes, even if it ends up not getting published; vignettes are awesome to have.