On Wed, 02 Mar 2011 23:50:16 -0600 Marsh Ray <marsh@extendedsubset.com> wrote:
[...] The RSA example is a great way to demonstrate bigint libraries - and a terrible thing to actually use it for.
Maybe, maybe not. A lot of viable uses for public-key encryption don't require government-level security.
I suggest any wording suggesting "cryptographically secure" be avoided. Even dedicated purpose cryptographic libraries written and maintained by experts are still weeding out the tiny bugs and timing and cache side-channel attacks years later.
That's why the XInt-provided convenience class is called strong_random_generator, not secure_random_generator. :-) It's simply an interface to the OS-provided generator, which is supposed to be cryptographically secure. I've added additional notes in a couple prominent places in the documentation for the next release, explicitly pointing out that its cryptographic security depends on that of the underlying generator. -- Chad Nelson Oak Circle Software, Inc. * * *