
Subject: Re: [boost] [random] cross-platform secure seeding methods planned?
From: Edouard A. (edouard_at_[hidden])
Date: 2009-05-14 10:47:09


Hi Sebastian,

If you are looking at a cryptographically secure pseudo random generator, you
will need more than secure seeding.

A secure random generator must be

a - Random (!)
b - Uniformly distributed
c - Unpredictable

To my knowledge there is no PRNG in boost that satisfies these three. Even the
Mersenne twister, present in boost, is insufficient for secure uses since
its output can be predicted (success in a & b, failure in c). When a crypto
lib lands in boost, one can expect a secure PRNG to appear.

Which is why, in my opinion, there is no need for a safe seeder at the
moment. The generators are not safe themselves.

-Edouard

-----Original Message-----
From: boost-bounces_at_[hidden] [mailto:boost-bounces_at_[hidden]]
On Behalf Of Sebastian Nowozin
Sent: jeudi 14 mai 2009 15:56
To: boost_at_[hidden]
Subject: [boost] [random] cross-platform secure seeding methods planned?

Hello everybody,

I like the flexibility boost::random offers. However, a severe drawback
of the current library is that it does not offer a safe way of
generating seeds. Of course the methods for providing this feature
would vary quite a lot across platforms (e.g. on some systems it's safe
to use /dev/random, on some it is not).

  However, as the library is currently, many users will resort to ad-hoc
or unsafe seeding methods instead of implementing a safe solution
themselves.

  Hence, is a cross-platform secure seeding feature planned for
boost::random in the future?

Thanks,
Sebastian
 

__________ Information from ESET NOD32 Antivirus, version of virus signature
database 4075 (20090514) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com
 
 



Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk
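
An added example, not part of the original messages and not Boost code, showing why seeding quality alone does not make the Mersenne Twister suitable for secrets: 624 observed outputs determine every later one. It assumes C++11's `std::mt19937` (the same MT19937 algorithm); `undo`, `untemper`, `Clone` and `predicted_matches` are hypothetical names introduced here.

```cpp
#include <array>
#include <cstdint>
#include <cstdio>
#include <random>
using u32 = std::uint32_t;
// Invert y = x ^ (shift(x, s) & mask); each pass recovers s more bits of x.
static u32 undo(u32 y, int s, u32 mask, bool left) {
    u32 x = y;
    for (int i = s; i < 32; i += s) x = y ^ ((left ? x << s : x >> s) & mask);
    return x;
}
// Reverse the four MT19937 tempering steps, last one first.
static u32 untemper(u32 y) {
    y = undo(y, 18, ~0u, false);
    y = undo(y, 15, 0xEFC60000u, true);
    y = undo(y, 7, 0x9D2C5680u, true);
    return undo(y, 11, ~0u, false);
}
// Minimal MT19937 rebuilt from recovered state words (hypothetical helper).
struct Clone {
    std::array<u32, 624> mt{};
    unsigned idx = 624;  // refresh the state before the first output
    u32 next() {
        if (idx == 624) {
            for (unsigned i = 0; i < 624; ++i) {
                u32 y = (mt[i] & 0x80000000u) | (mt[(i + 1) % 624] & 0x7FFFFFFFu);
                mt[i] = mt[(i + 397) % 624] ^ (y >> 1) ^ ((y & 1u) ? 0x9908B0DFu : 0u);
            }
            idx = 0;
        }
        u32 y = mt[idx++];
        y ^= y >> 11;
        y ^= (y << 7) & 0x9D2C5680u;
        y ^= (y << 15) & 0xEFC60000u;
        return y ^ (y >> 18);
    }
};
// Watch 624 outputs of gen, then count how many of the next `checks` match.
int predicted_matches(std::mt19937& gen, int checks) {
    Clone c;
    for (u32& w : c.mt) w = untemper(static_cast<u32>(gen()));
    int ok = 0;
    for (int i = 0; i < checks; ++i) ok += (c.next() == static_cast<u32>(gen()));
    return ok;
}
int main() {
    std::mt19937 gen(std::random_device{}());  // seeded from OS entropy
    gen.discard(1000);                         // observation may start mid-stream
    std::printf("%d/1000 predicted\n", predicted_matches(gen, 1000));
}
```

The takeaway for callers is that tokens, keys and nonces must come from a generator designed to be unpredictable, not from a well-seeded `mt19937`.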