Hi to all, I have looked at the current state of the crypto namespace. The current code is not really modular so I propose the following new/modified features: we have a defenition for "cipher" that is "some thing" that encrypts/decrypts message within a stream. This thing could perform this operation on any arbitary message length. for block ciphers the use of mode of operation implements this stream encasulation of the underlying block_cipher. stream ciphers easily allow for such encapsulations. wipe algorithms that are used to wipe streams/buffers with specified patterns i.e. Gutmann wipe algorithm secure allocator would use a default wipe algorithm i.e. all zero for wipe of buffers. namespace boost { namespace crypto { template < ... > class block_cipher // abstract class for ALL block ciphers to inherit from { public: virtual void setkey(...) = 0; virtual void encrypt(...) = 0; virtual void decrypt(...) = 0; }; template < ... > class padding // abstract class for ALL padding algos to inherit from { public: virtual bool allways() = 0; // if the padding allways pads/unpads virtual size_t padsize(size_t count) = 0; virtual size_t unpadsize(size_t count) = 0; virtual size_t pad(T*dest, const T*src, size_t count) = 0; virtual size_t unpad(T*dest, const T*src, size_t count) = 0; }; enum wipe_mode { random = 0x2, pattern = 0x4, unknown = ~(random | pattern) }; typedef struct wipe_method_t { const wipe_mode mode; const void *pattern; const size_t length; }; template < ... > class wipe_algorithm { private: int counter; std::vector < wipe_method_t > pass; public: wipe_method_t& next() { return pass[counter++]; } ; wipe_method_t& previous() { return pass[--counter]; } ; wipe_method_t& at(int pass) { return pass[pass]; } ; }; template < ... , class wipe_algorithm> class basic_wipe : public wipe_algorithm < ... > { }; template < ... , class wipe_algorithm > // we allready have it, modifications need to be minor class secure_alocator { }; template < class cipher > class basic_crypto_stream : public std::basic_ios <...> { /* * This class allows for transparent encryption/decryption * and clears buffer (or even wipes) buffers used during the process */ public: . . . }; typedef basic_crypto_stream< char, ... > crypto_stream; template < ... > class basic_hash { . . . protected: virtual void transform_create() = 0; virtual void transform_add(const void* data, size_t data_bits) { // this class managed a bit-maped buffering using word oriented // operations, thus it would comply with new standards while being // efficient. the classes which inherit from this do not need to // re-implement this function }; virtual void transform_finalise() = 0; public: . . . }; TODO: implement : Hash algorithms: SHA-2 family, Whirlpool, (future : SHA-3) Stream ciphers : salsa20, and some of the ECRYPT finalysts }} // crypto , boost namespaces Optomisation: the AES (Rijndael) uses a very slow code, the speed could be increases by up to a factor of 5 if pre-computed s-box tables are used, this would cause for an increase of ~4KB in the class size, however, i think the speed penalties are to high for the current implementation. I think it is enought for now open for comments, suggestions and anything else