At 01:23 AM 3/29/2007, Wei Dai wrote:
>two new namespaces under CryptoPP called "Weak" and
>"Deprecated", and move these algorithms into them.
OK, so I don't read this list in anywhere near real-time.
The only problem with this solution is that it's not a single cleanup
that's needed, but an ongoing issue that won't be solved in the forseeable
future. (At least, _I_ don't see proofs of security on the horizon.) The
notions of "weak" and "deprecated" are _temporal_ notions. What's weak in
2007 was strong (enough) in 1997. Two basic approaches present themselves:
1) Temporize the library itself, moving algorithms through a lifecycle
Ordinary --> Deprecated --> Weak --> Absent
This is what Wei is proposing.
2) Temporize the security guarantees provided by any particular algorithm,
allowing the developer to chose what to do about weakening confidence.
I believe (2) is preferable, for the simple reason that code won't suddenly
stop working on some new release. Translating this to a requirement, we
might say that a crypto library should instantly support the different
effective implementation times that various and multiple users have in the
field.
Now certainly it's also desirable that library authors, who know far more
about crypto research that its users do, have a mechanism to inform these
users that an implementation is weakening. I propose, then, a single
declaration, to appear before instances of algorithms are created, of
something like the following:
CryptoPP::RequireSecurity( 2007, Ordinary ) ;
What happens then? If an algorithm whose 2007-guarantee offers less than
Ordinary security, there's a failure (preferable compile-time).
How to implement this? Let's decide that it's a good idea first.
Eric
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the "Crypto++ Users"
Google Group.
To unsubscribe, send an email to [EMAIL PROTECTED]
More information about Crypto++ and this group is available at
http://www.cryptopp.com.
-~----------~----~----~----~------~----~------~--~---
