
On Fri, Dec 09, 2005 at 09:36:41AM -0800, Walter Landry wrote:
Jody Hagins <jody-boost-011304@atdesk.com> wrote:
On Fri, 09 Dec 2005 16:52:18 +0100 Martin Wille <mw8329@yahoo.com.au> wrote:
I don't recall any proposal for that. While I'd like to see support for MD5 and related algorithms in Boost, I don't think this implementation has an acceptable license (because of the RSA clause).
I worked on an independent implementation a while back, for my own use. If there is interest, I can find the code and toss it in the vault.
It might be preferable to just use Botan.
It has a number of crypto algorithms, and optimizing these things is quite hard. However, I don't know that the author would be interested in being assimilated by the boost collective.
To be honest, I would say neither Crypto++ nor Botan is particularly well suited for being adopted by Boost; either would have to undergo substantial changes to merge in with the general Boost style, and both have existing users who would probably be unhappy with that.

While it is simple enough to code a few hashes (and certainly they have many applications across a wide field of work, so it might make sense to do that), I would suggest thinking hard about it before going down a Boost.Crypto path; first you need ciphers, then you need PRNGs to generate keys, then entropy sources to seed the PRNG, then public key code, then ASN.1, then certs, then OCSP and CRLs, and so on... it seems to be the case that you can either give a user a few primitives and let them shoot themselves in the foot, or give them a fairly complete package and have at least some hope that you're not just making it simpler for them to shoot themselves.

There is a body of case history on this (Peter Gutmann, in particular, has done several good papers on the topic); in my own experience reviewing applications that use crypto (open source and commercial), I would say the most common crypto flaw is almost certainly misusing a good implementation of a good algorithm in such a way that catastrophic problems result. This is much more likely to occur if you just give the user some bare-metal crypto primitives.

Not that there is anything wrong with a Boost.Crypto - I certainly wouldn't mind such a project, in the sense that I could then copy all the good ideas from it into Botan. :) I just wanted to offer some (entirely subjective and biased) datapoints for purposes of discussion.

/back to lurking

-Jack