From: Reid Sweatman (borderland_at_[hidden])
Date: 2000-02-21 02:37:41
I wasn't aware of the SHA-1 issue, but the other points were what I had in
mind when I said "generalize." Since most of my requirements for PRNGs are
in Windows-based applications, I've not had occasion to go outside
Schneier's implementation, but obviously, for the purposes of Boost it would
have to be modified. I don't suppose Adam Back's implementation is freely
available, is it?
> -----Original Message-----
> From: Mario Contestabile [mailto:marioc_at_[hidden]]
> Sent: Sunday, February 20, 2000 10:35 AM
> To: boost_at_[hidden]
> Subject: [boost] Re: Proposal: random number library
> I've been using Yarrow 0.8.7 for well over a year (under Win9x & NT).
> Its usage under Windows is satisfactory, but the next version of our software
> will drop that implementation and use our own, for the following reasons:
> - The Counterpane implementation of the Yarrow algorithm contains errors
> in its usage of SHA-1. At my company (Zero-Knowledge Systems) I'm
> to work with some very strong cryptographers (Ian Goldberg, Adam Back) who
> have noticed this. Adam has written a 'C' API which implements the Yarrow
> algorithm in a much simpler way, primarily because:
> - The Counterpane implementation of Yarrow isn't cleanly decoupled from
> the entropy gathering, OS-specific functionality. Ideally, one would want
> the algorithm implemented in a class which provides methods for randomness
> input & output. That implementation is divided into 3 DLLs, one called for
> the core routines, one for safe memory allocation, & one for hooks. In the
> core PRNG routines, there are things like "__declspec(dllexport)" and
> "#pragma data_seg".
> - The need for safe memory allocation/deallocation is overkill.
> - And finally, to have more x-platform code. That implementation is too OS
> specific. That algorithm implementation should be able to stand on its
> own regardless of what the source of entropy is, or where it executes
> (kernel, user land).
> Mario Contestabile
> -----Original Message-----
> >> Another idea (not sure where I heard it first, maybe Schneier also) is
> >> to have a rng that the user can churn with randomness from the system.
> >> This randomness would get added into the mix.
> >Why not just incorporate Schneier's Yarrow implementation, which can be
> >downloaded from his site? Admittedly, it's beta at present, but the code
> >is freely available, and does a pretty good job of what you're
> >talking about.
> >I seem to recall some Windows dependencies, but it shouldn't be
> >too hard to generalize them.
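To make the design point above concrete (an algorithm core with randomness input and output methods, standing on its own regardless of where the entropy comes from or where it runs), here is an added example. It is not code from this thread, from Counterpane's Yarrow release, or from Adam Back's API; it is a teaching sketch written for this page. It is in Python for brevity even though the thread is about a C++ library, because hashlib supplies the hash. SHA-256 stands in for Yarrow-160's SHA-1 and 3DES, the class and method names (YarrowStylePRNG, add_entropy, random_bytes, ScriptedSource, gather) are my own, the 100-bit fast-pool threshold is Yarrow-160's, and the slow-pool rule is simplified to a single 160-bit threshold instead of Yarrow's per-source accounting. The entropy samples are constructed and deterministic so the example runs offline.

```python
from __future__ import annotations

import hashlib
from typing import Protocol, Tuple

FAST, SLOW = 0, 1  # pool indices, mirroring Yarrow-160's fast and slow pools


class EntropySource(Protocol):
    """Anything that yields (data, estimated_bits). OS details live here, not in the core."""

    def sample(self) -> Tuple[bytes, int]: ...


class YarrowStylePRNG:
    """Reseedable generator core (assumed names, not Counterpane's or Adam Back's API).
    No OS calls, no allocation tricks, no DLL exports: entropy is pushed in with
    add_entropy() and bytes are pulled out with random_bytes()."""

    FAST_THRESHOLD_BITS = 100   # Yarrow-160's fast-pool reseed threshold
    SLOW_THRESHOLD_BITS = 160   # simplified: Yarrow-160 wants 160 bits from k sources

    def __init__(self, reseed_iterations: int = 10) -> None:
        self._pools = [hashlib.sha256(), hashlib.sha256()]
        self._pool_bits = [0, 0]
        self._key = bytes(32)          # generator key; unusable until the first reseed
        self._counter = 0
        self._reseeds = 0
        self._pt = reseed_iterations   # Yarrow's Pt: extra hash iterations at reseed

    # ---------- randomness input ----------
    def add_entropy(self, data: bytes, estimated_bits: int, pool: int = FAST) -> None:
        # length-prefix each sample so adjacent samples cannot be confused
        self._pools[pool].update(len(data).to_bytes(4, "big") + data)
        self._pool_bits[pool] += estimated_bits
        if self._pool_bits[FAST] >= self.FAST_THRESHOLD_BITS:
            self._reseed(include_slow=self._pool_bits[SLOW] >= self.SLOW_THRESHOLD_BITS)

    def _reseed(self, include_slow: bool) -> None:
        v = self._pools[FAST].digest()
        if include_slow:
            v = hashlib.sha256(v + self._pools[SLOW].digest()).digest()
        for i in range(self._pt):      # iterated hashing slows a guessing attacker
            v = hashlib.sha256(v + i.to_bytes(4, "big")).digest()
        self._key = hashlib.sha256(v + self._key).digest()  # fold in the old key
        self._counter = 0
        self._reseeds += 1
        self._pools[FAST], self._pool_bits[FAST] = hashlib.sha256(), 0
        if include_slow:
            self._pools[SLOW], self._pool_bits[SLOW] = hashlib.sha256(), 0

    # ---------- randomness output ----------
    def random_bytes(self, n: int) -> bytes:
        if self._reseeds == 0:
            raise RuntimeError("refusing to generate output before the first reseed")
        out = bytearray()
        while len(out) < n:   # counter mode under the current key
            out += hashlib.sha256(self._key + self._counter.to_bytes(16, "big")).digest()
            self._counter += 1
        # generator gate: rotate the key so a later state compromise cannot
        # recover the bytes just handed out
        self._key = hashlib.sha256(b"gate" + self._key + self._counter.to_bytes(16, "big")).digest()
        return bytes(out[:n])

    @property
    def reseed_count(self) -> int:
        return self._reseeds


class ScriptedSource:
    """Constructed, deterministic stand-in for an OS entropy hook (timer jitter,
    mouse events, CryptGenRandom, /dev/random). A real source plugs in the same way."""

    def __init__(self, samples) -> None:
        self._it = iter(samples)

    def sample(self) -> Tuple[bytes, int]:
        return next(self._it)


def gather(prng: YarrowStylePRNG, source: EntropySource, rounds: int, pool: int = FAST) -> None:
    """The only glue between an entropy source and the algorithm core."""
    for _ in range(rounds):
        data, bits = source.sample()
        prng.add_entropy(data, bits, pool)


def demo() -> dict:
    # Constructed input: 8 claimed bits per sample, so 13 samples cross the 100-bit threshold.
    samples = [(b"tick-%04d" % i, 8) for i in range(16)]
    a, b = YarrowStylePRNG(), YarrowStylePRNG()
    gather(a, ScriptedSource(samples), 13)
    gather(b, ScriptedSource(samples), 13)
    first_a, first_b = a.random_bytes(32), b.random_bytes(32)
    second_a = a.random_bytes(32)
    c = YarrowStylePRNG()
    gather(c, ScriptedSource([(b"other-%04d" % i, 8) for i in range(16)]), 13)
    return {
        "deterministic_for_same_input": first_a == first_b,
        "gate_rotates_key": first_a != second_a,
        "different_entropy_differs": first_a != c.random_bytes(32),
        "reseeds": a.reseed_count,
    }


if __name__ == "__main__":
    print(demo())
```

The core never touches the platform: swapping ScriptedSource for a Win32 hook or a kernel-side timer sampler changes only the gather() call site, which is the separation Mario is asking for. The refusal to emit output before the first reseed is the check a practitioner wants on such a class; a generator that silently returns bytes from an all-zero key is the failure mode the entropy-estimate plumbing exists to prevent.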
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk