Boost :
From: Ruben Perez (rubenperez038_at_[hidden])
Date: 2024-12-12 11:15:49
On Wed, 11 Dec 2024, 02:55 Tom Kent via Boost, <boost_at_[hidden]> wrote:
>
> There are several hashes given in this library that are used in security
> critical scenarios (e.g. SHA-2). Additionally, the explicit goal of the
> library is to give the user tools they need to build their own hashes.
>
> I do not see any indication that any kind of cryptographic assessment was
> done on this library. There is not even a mention that the security of
> these hashes has been thought about nor in what scenarios they could be
> used. This is absolutely essential for any library providing cryptographic
> primitives. There are a *lot* of potential pitfalls in the implementation
> of a cryptographic primitive, even in cases where the "correctness" of the
> end result isn't in question.
>
> For example, there have been timing attacks against SHA-2/HMAC where the
> difference in the amount of time processing takes can leak information
> about the secret key.
> https://dl.acm.org/doi/10.1007/978-3-030-89915-8_2
>
> These side-channel type attacks can be extremely insidious, and are not
> things that people who are otherwise experts in C++/C/Assembly/etc would
> ever think about. For cryptography, we need a different type of expert than
> the type we typically grow in this community.
>
> **If Boost wants to take on providing cryptographic primitives, we need to
> hold those libraries to a higher standard, including an evaluation by
> outside cryptographers before we release anything to the public.**
>
As a potential user mainly interested in the "hashing untyped byte
sequences" use case (involving SHA2), do you think migrating from OpenSSL
to Boost.Hash2 would be detrimental for security at this point? If the
answer is yes, is there a way to remediate this (even after the library
gets accepted)? Or is this just not the main use case of the library?
The use case involves generating digests for a network protocol (MySQL).
I'd like to know both Tom's and Peter's opinions.
Thanks,
Ruben.
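The timing-leak concern raised above can be made concrete on the consumer side of a hash or HMAC: verifying a digest with an early-exit byte comparison makes the running time depend on how many leading bytes of a forged tag are correct. The C++ below is an added illustration written for this thread, not code from Boost.Hash2 or from either poster; the 32-byte tag and the `examined` counter are constructed stand-ins for real HMAC output and for wall-clock time.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Early-exit comparison in the style of memcmp: returns at the first differing
// byte, so the work done (proxied here by `examined`) depends on where the
// first mismatch is. This is the pattern that leaks.
bool compare_early_exit(const std::vector<std::uint8_t>& expected,
                        const std::vector<std::uint8_t>& received,
                        std::size_t& examined)
{
    examined = 0;
    if (expected.size() != received.size()) return false;
    for (std::size_t i = 0; i < expected.size(); ++i) {
        ++examined;
        if (expected[i] != received[i]) return false;
    }
    return true;
}

// Constant-time comparison: every byte is visited and the differences are
// OR-accumulated, with no data-dependent branch or early return. The length
// check is kept because a digest length is public, not secret.
bool compare_constant_time(const std::vector<std::uint8_t>& expected,
                           const std::vector<std::uint8_t>& received,
                           std::size_t& examined)
{
    examined = 0;
    if (expected.size() != received.size()) return false;
    volatile std::uint8_t acc = 0;  // volatile discourages the optimiser from short-circuiting
    for (std::size_t i = 0; i < expected.size(); ++i) {
        ++examined;
        acc = acc | static_cast<std::uint8_t>(expected[i] ^ received[i]);
    }
    return acc == 0;
}

// Constructed demo: a 32-byte tag (SHA-256 / HMAC-SHA256 output size) and a
// forgery whose first mismatch sits at index `prefix` (0 <= prefix < 32).
// Returns how many bytes the chosen comparison looked at before deciding.
std::size_t bytes_examined(bool constant_time, std::size_t prefix)
{
    std::vector<std::uint8_t> tag(32);
    for (std::size_t i = 0; i < tag.size(); ++i)
        tag[i] = static_cast<std::uint8_t>(i * 7 + 3);  // arbitrary constructed bytes
    std::vector<std::uint8_t> forged = tag;
    forged[prefix] ^= 0x01;
    std::size_t examined = 0;
    if (constant_time) compare_constant_time(tag, forged, examined);
    else               compare_early_exit(tag, forged, examined);
    return examined;
}
```

With the early-exit version the count grows with the length of the correct prefix, which is exactly the per-byte signal a remote timing attack measures; the constant-time version always reports 32.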
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk