Boost :

Date view	Thread view	Subject view	Author view

Subject: Re: [boost] New Boost.XInt Library, request preliminary review
From: Chad Nelson (chad.thecomfychair_at_[hidden])
Date: 2010-03-27 20:17:14

Next message: Steven Watanabe: "Re: [boost] New Boost.XInt Library, request preliminary review"
Previous message: Boris Schaeling: "Re: [boost] [GSoC] Boost.Process"
In reply to: Steven Watanabe: "Re: [boost] New Boost.XInt Library, request preliminary review"
Next in thread: Steven Watanabe: "Re: [boost] New Boost.XInt Library, request preliminary review"
Reply: Steven Watanabe: "Re: [boost] New Boost.XInt Library, request preliminary review"

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Steven Watanabe said:
> All the Boost.Random generators are linear and therefore insecure.
> Can you just use boost::random_device instead of writing your
> own wrapper?

You didn't mention that boost::random_device is only available for Linux
and BSD. As I didn't realize this until I had redesigned XInt's system
to use it and was updating the documentation, it was an unpleasant
surprise. Like it or not, most people still run Windows, and will for
the foreseeable future. And since all versions of Windows since XP *do*
provide a cryptographically-secure random number generator, there's no
valid reason that XInt shouldn't support it.

(There may be a reason why Boost.Random shouldn't, since the device
isn't available on older versions of Windows, and the specification for
boost::random_device explicitly says that it should only be defined on
systems that provide such a device. Although Linux didn't provide it
until kernel version 1.3.30 either, only seven years before XP was
released.)

However, I've redesigned XInt's random number system. It will now work
with any of the Boost.Random-supplied generators (including
random_device where available). I also added a strong_random_generator
class, similar to random_device but which also works for Windows. It
still defaults to a Mersenne Twister seeded with the time if no
generator is provided, but that's a deliberate feature, not a bug. :-)

These will be in the second iteration, which I'll post within the week
if all goes well.
- --
Chad Nelson
Oak Circle Software, Inc.
*
*
*
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkuuoAcACgkQp9x9jeZ9/wQiOQCdHBVaLbGRRCQu+OwP5hRSuB/e
b/sAnjKkm67fkdUr1lLjJjisbmERg4jQ
=yh2i
-----END PGP SIGNATURE-----

Next message: Steven Watanabe: "Re: [boost] New Boost.XInt Library, request preliminary review"
Previous message: Boris Schaeling: "Re: [boost] [GSoC] Boost.Process"
In reply to: Steven Watanabe: "Re: [boost] New Boost.XInt Library, request preliminary review"
Next in thread: Steven Watanabe: "Re: [boost] New Boost.XInt Library, request preliminary review"
Reply: Steven Watanabe: "Re: [boost] New Boost.XInt Library, request preliminary review"

Date view	Thread view	Subject view	Author view

Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk