From: Jack Lloyd (lloyd+boost_at_[hidden])
Date: 2005-12-09 13:29:01
On Fri, Dec 09, 2005 at 09:36:41AM -0800, Walter Landry wrote:
> Jody Hagins <jody-boost-011304_at_[hidden]> wrote:
> > On Fri, 09 Dec 2005 16:52:18 +0100
> > Martin Wille <mw8329_at_[hidden]> wrote:
> > > I don't recall any proposal for that. While I'd like to see support
> > > for MD5 and related algorithms in Boost, I don't think this
> > > implementation has an acceptable license (because of the RSA clause).
> > I worked on an independent implementation a while back, for my own use.
> > If there is interest, I can find the code and toss it in the vault.
> It might be preferable to just use Botan.
> It has a number of crypto algorithms, and optimizing these things is
> quite hard. However, I don't know that the author would be interested
> in being assimilated by the boost collective.
To be honest, I would say neither Crypto++ nor Botan is particularly well
suited for being adopted by Boost; either would have to undergo substantial
chances to merge in with the general Boost style, and both have existing users
who would probably be unhappy with that.
While it is simple enough to code a few hashes (and certainly they have many
applications across a wide field of work, so it might make sense to do that), I
would suggest thinking hard about it before going down a Boost.Crypto path;
first you need ciphers, then you need PRNGs to generate keys, then entropy
sources to seed the PRNG, then public key code, then ASN.1, then certs, then
OCSP and CRLs, and so on... it seems to be the case that you can either give a
user a few primitives and let them shoot themselves in the foot, or give them a
fairly complete package and have at least some hope that you're not just making
it simpler for them to shoot themselves. There is a body of case history on
this (Peter Gutmann, in particular, has done several good papers on the topic);
in my own experience reviewing applications that use crypto (open source and
commercial), I would say the most common crypto flaw is almost certainly
misusing a good implementation of a good algorithm in such a way that
catastrophic problems result. This is much more likely to occur if you just
give the user some bare-metal crypto primitives.
Not that there is anything wrong with a Boost.Crypto - I certainly wouldn't
mind such a project, in the sense that I could then copy all the good ideas
from it into Botan. :) I just wanted to offer some (entirely subjective and
biased) datapoints for purposes of discussion.
/back to lurking
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk