
Milagro: Distributed Cryptosystem for Cloud Computing - blopeur
http://milagro.apache.org/
======
kapitza
Irritatingly, a lot of the docs on the Milagro site are stubs. For the user
experience I found this most explanatory:

[http://docs.milagro.io/en/mfa/getting-started/milagro-mfa-
ov...](http://docs.milagro.io/en/mfa/getting-started/milagro-mfa-
overview.html)

------
Ar-Curunir
They say they use generic implementations in languages like Java and Swift.
I'm left wondering how that impacts security against side channels.

I also can't seem to find any actual security definitions or proofs for the
project; I am thus disinclined to trust any security guarantees this project
claims to offer.

~~~
mankash666
This is an Apache foundation project with an explicit focus on security. I
think they'll get it right, but since it's in incubation stage, the
documentation might still be lacking. I'm sure they'll have much more complete
implementation and documentation when they come out of incubation.

------
youdontknowtho
There are some large orgs listed as having implemented this, but whenever I
read language that sounds all 90's tech revolutionary I get really skeptical.

------
fasteo
Offtopic.

Milagro means miracle in Spanish. Not sure if that's an appropriate name for a
security product.

"Es un milagro que funcione" (literally, "It's a miracle that it works") is a
very common phrase that captures the somehow pejorative sense of the word
"milagro" when used to describe or qualify human creations, more so technology
creations.

~~~
mikecb
It was submitted to Apache by MIRACL Labs, so seems appropriate, if not
creative.

~~~
fasteo
Appropriate. Indeed.

MIRACL is actually an acronym for "Multiprecision Integer and Rational
Arithmetic C/C++ Library" [1]

[1] [https://www.miracl.com/miracl-labs](https://www.miracl.com/miracl-labs)

------
evv
From what I can tell, Milagro does more-or-less the same thing as Ethereum. In
what ways it it different?

~~~
Ar-Curunir
I don't think this is the case; Milagro (I think) serves as a way to
authenticate IoT devices cryptographically without relying on closed-source
solutions and third parties like CAs.

