-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 03/29/2010 11:12 AM, Scott McMurray wrote:
Not acceptable. I want it to be easily portable, which means it has to compile even if the machine doesn't support any cryptographically-secure random number generator that the library recognizes. The developer using it can always plug in a generator that gets entropy from something the library doesn't know about, like an Internet site dedicated to that, after all -- they do exist.
If the library is promising something cryptographically-secure, then failing to compile when it can't is the *best* possible response. Quietly doing something else is the worst possible option when it comes to security. [...]
If the user of the library wants a secure random number generator, it's up to him to read the documentation. I explain exactly how to get it, with example code that shows it too. But most people using the library won't care about the issue, and just want it to work without any added effort or learning on their part, so an insecure (but always available) default is acceptable. (After Steven Watanabe pointed out the flaws in my original implementation, I redesigned it to accept any source from Boost.Random, including random_device. That's finished for the second iteration, which I'll probably upload this week. You can critique it then.) - -- Chad Nelson Oak Circle Software, Inc. * * * -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkuxRcwACgkQp9x9jeZ9/wQ+AgCeNuVvSwOzTIsx7KY90LPwEa1E iV8An1n7YZj3McHfG59/xsMQb4TXd6bP =Vpnv -----END PGP SIGNATURE-----