Boost :

Subject: Re: [boost] [uuid] Issue 9407: please merge fix
From: Antony Polukhin (antoshkka_at_[hidden])
Date: 2015-01-19 05:54:18

• Next message: Adam Wulkiewicz: "Re: [boost] How to get tests running for new library"
• Previous message: John Maddock: "Re: [boost] [type_traits] Rewrite and dependency free version"
• In reply to: Peter Dimov: "Re: [boost] [uuid] Issue 9407: please merge fix"

2015-01-17 19:31 GMT+04:00 Peter Dimov <lists_at_[hidden]>:

> Antony Polukhin wrote:
>
>> So mixing in some additional entropy seems reasonable.
>>
>
> There is no guarantee that mixing in highly predictable, or constant,
> values using SHA1 improves the quality of the random numbers, or decreases
> their predictability. It is not at all impossible for such amateur
> improvements to actually decrease the quality of the original source.
>
> The only genuine entropy here is QueryPerformanceCounter, which is already
> incorporated into the output of CryptGenRandom.
>
> And in fact, the goal of the original code has never been to achieve
> crypto quality randomness, or even to approach the quality of
> CryptGenRandom. It's just for UUID generation, after all.

Agreed. But the initial goal of the pull request is just to avoid reads of
uninitialized memory. Original methods of gathering entropy (those that
possibly decrease quality) remain almost untouched, just CryptGenRandom is
added as a bonus.

-- 
Best regards,
Antony Polukhin

• Next message: Adam Wulkiewicz: "Re: [boost] How to get tests running for new library"
• Previous message: John Maddock: "Re: [boost] [type_traits] Rewrite and dependency free version"
• In reply to: Peter Dimov: "Re: [boost] [uuid] Issue 9407: please merge fix"

Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk