|
Boost : |
Subject: Re: [boost] New Boost.XInt Library, request preliminary review
From: Chad Nelson (chad.thecomfychair_at_[hidden])
Date: 2010-03-27 00:18:05
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
>> So again, given that it's going to be less secure, is there a better
>> choice than the Mersenne Twister for systems where no random device is
>> available?
>
> Why not simply accept a Boost.Random (P)RNG, so the users can decide
> how random they want it to be? If you provide something that you
> expect will be used for security, it's a *feature* for it to fail when
> there's no CRNG available.
I started answering this by defending my current design, on the argument
that it's easier to use than one that requires the user to know about
random number generators himself. But after thinking about it, I *could*
provide a plug-in interface to whatever RNG the user wants to use, and
simply default to a less secure (but always available) RNG.
That should satisfy all camps -- those who need cryptographically-secure
RNGs can plug them in, and those who don't care can use the default RNG
and never worry about it.
I'll put that on the to-do list for the next iteration.
- --
Chad Nelson
Oak Circle Software, Inc.
*
*
*
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkuthv0ACgkQp9x9jeZ9/wT1XwCeNf2uly1FC6xrMIIMP1BSZIBA
+u0AnRi661xGaOTQ2UiGIDBelMme6X1V
=1XOp
-----END PGP SIGNATURE-----
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk