Subject: Re: [boost] [uuid] Issue 9407: please merge fix
From: Antony Polukhin (antoshkka_at_[hidden])
Date: 2015-01-17 04:26:46


2015-01-16 20:04 GMT+03:00 Peter Dimov <lists_at_[hidden]>:
<...>

> On a more general note, all this homegrown entropy gathering in that
> function (for most of which I might be responsible, in fact) should just be
> skipped if we have CryptGenRandom or /dev/urandom; it should merely be a
> fallback. We're never going to improve upon CryptGenRandom's output, most
> we could do is not damage it, and /dev/urandom is, I think, also
> reasonably-crypto-quality on today's POSIX OSes.
>

Cannot agree with that. We have no guarantee that the CryptGenRandom algorithm
is not reversible or predictable. In case of /dev/urandom we at least can
see the sources (but that still does not give a 100% guarantee). So mixing
in some additional entropy seems reasonable.

-- 
Best regards,
Antony Polukhin
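
One way to do the mixing discussed in this thread, as an added example (not Boost.Uuid code and not written by either poster): the OS generator's output and any extra inputs are hashed together with length framing, so the seed depends on every input and a predictable extra input cannot cancel the OS bytes. The function names, the choice of SHA-256 and the particular extra sources are assumptions made for illustration.

```python
import hashlib
import os
import time
from typing import Iterable


def frame(chunk: bytes) -> bytes:
    # Length-prefix each input so (b"ab", b"c") and (b"a", b"bc") hash differently.
    return len(chunk).to_bytes(8, "big") + chunk


def mix_seed(os_bytes: bytes, extra: Iterable[bytes]) -> bytes:
    """Hash OS CSPRNG output together with extra inputs into a 32-byte seed.

    Assuming SHA-256 behaves like a random function, knowing or choosing
    the extra inputs does not make the result easier to predict than the
    OS bytes alone, and unknown extra inputs still count if the OS bytes
    turn out to be predictable.
    """
    h = hashlib.sha256()
    h.update(frame(os_bytes))
    for chunk in extra:
        h.update(frame(chunk))
    return h.digest()


def homegrown_entropy() -> list:
    # Hypothetical low-quality sources standing in for ad hoc gathering.
    return [
        time.time_ns().to_bytes(8, "big"),
        time.perf_counter_ns().to_bytes(8, "big"),
        os.getpid().to_bytes(4, "big"),
    ]


def make_seed(n: int = 32) -> bytes:
    try:
        os_bytes = os.urandom(n)  # CryptGenRandom-family API or the kernel RNG
    except NotImplementedError:
        os_bytes = b""  # no OS source: the homegrown inputs are the fallback
    return mix_seed(os_bytes, homegrown_entropy())


if __name__ == "__main__":
    print(make_seed().hex())
```

XOR-ing the sources together instead would let an extra input that is correlated with the OS bytes cancel them out, which is the "damage" case the quoted message warns about.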

Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk