Subject: Re: [boost] [Boost-users] [xint] Boost.XInt formal review
From: Chad Nelson (chad.thecomfychair_at_[hidden])
Date: 2011-03-03 10:42:29


On Wed, 02 Mar 2011 23:50:16 -0600
Marsh Ray <marsh_at_[hidden]> wrote:

> [...] The RSA example is a great way to demonstrate bigint libraries -
> and a terrible thing to actually use it for.

Maybe, maybe not. A lot of viable uses for public-key encryption don't
require government-level security.

> I suggest any wording suggesting "cryptographically secure" be
> avoided. Even dedicated purpose cryptographic libraries written and
> maintained by experts are still weeding out the tiny bugs and timing
> and cache side-channel attacks years later.

That's why the XInt-provided convenience class is called
strong_random_generator, not secure_random_generator. :-) It's simply
an interface to the OS-provided generator, which is supposed to be
cryptographically secure. I've added additional notes in a couple
prominent places in the documentation for the next release, explicitly
pointing out that its cryptographic security depends on that of the
underlying generator.

-- 
Chad Nelson
Oak Circle Software, Inc.