|
Boost : |
Subject: Re: [boost] New Boost.XInt Library, request preliminary review
From: Chad Nelson (chad.thecomfychair_at_[hidden])
Date: 2010-03-29 20:29:00
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 03/29/2010 11:12 AM, Scott McMurray wrote:
>> Not acceptable. I want it to be easily portable, which means it has
>> to compile even if the machine doesn't support any
>> cryptographically-secure random number generator that the library
>> recognizes. The developer using it can always plug in a generator
>> that gets entropy from something the library doesn't know about,
>> like an Internet site dedicated to that, after all -- they do
>> exist.
>
> If the library is promising something cryptographically-secure, then
> failing to compile when it can't is the *best* possible response.
> Quietly doing something else is the worst possible option when it
> comes to security. [...]
If the user of the library wants a secure random number generator, it's
up to him to read the documentation. I explain exactly how to get it,
with example code that shows it too. But most people using the library
won't care about the issue, and just want it to work without any added
effort or learning on their part, so an insecure (but always available)
default is acceptable.
(After Steven Watanabe pointed out the flaws in my original
implementation, I redesigned it to accept any source from Boost.Random,
including random_device. That's finished for the second iteration, which
I'll probably upload this week. You can critique it then.)
- --
Chad Nelson
Oak Circle Software, Inc.
*
*
*
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkuxRcwACgkQp9x9jeZ9/wQ+AgCeNuVvSwOzTIsx7KY90LPwEa1E
iV8An1n7YZj3McHfG59/xsMQb4TXd6bP
=Vpnv
-----END PGP SIGNATURE-----
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk