On Mar 2, 2009, at 23:11 PM, Wei Dai wrote:

> Zooko, the functionality you want is already in Crypto++. Just do
> this:
>
> SecByteBlock seed;
> // fill seed here
> r.GenerateRandom(NullRNG(), MakeParameters(Name::Min(), 1)(Name::Max(), n)(Name::Seed(), ConstByteArrayParameter(seed)));
>
> This will be supported and be backwards compatible indefinitely.
> Internally it will use P1363_KDF2<SHA1> to generate random integers
> that are the same length as n-1, until one of them is less than
> n-1, then it returns that number plus 1. Not too different from
> your code, actually.
I want to make sure that I understand the algorithm and can regenerate the same keys later, so I intend to write unit tests which generate keys, and then compute the same algorithm (based on P1363_KDF2) in the test code (in Python) and assert that they get the same result.

I wonder if I can write a bit of C++ code so that I can do both the C++ version and the Python version using SHA-256 instead of SHA1. I know that SHA1 is probably okay for this use, where all we require of it is "unpredictable and well distributed output given unpredictable and well distributed input", and as far as anyone knows SHA1 can do that, but certainly we don't have any use of SHA1 anywhere else in our formats right now, and it would be nice in the future to be able to simply say "No SHA1 anywhere in here.". For example, people could then implement Tahoe without implementing SHA1 at all.

So I think I'll look into what it would take to implement the same functionality that the above GenerateRandom() has, but with SHA-256.

What do you think?

Regards,

Zooko

You received this message because you are subscribed to the "Crypto++ Users" Google Group. To unsubscribe, send an email to [email protected]. More information about Crypto++ and this group is available at http://www.cryptopp.com.
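The generation procedure Wei Dai describes above, written out in Python with the hash swapped for SHA-256 as Zooko proposes, so that a test can reproduce the integers a C++ implementation derives. This is an added example, not code from the thread or from Crypto++; the byte framing it uses (a 4-byte big-endian KDF2 counter starting at 1, a per-attempt counter prefixed to the seed, the candidate masked to the bit length of n-1) is an assumption and must be checked against the Crypto++ source before the values are used as a reference.

```python
import hashlib
import struct


def kdf2(seed: bytes, length: int, hash_name: str = "sha256") -> bytes:
    """P1363 KDF2: concatenate H(seed || counter) for a 4-byte big-endian
    counter starting at 1, then truncate to the requested length."""
    out = bytearray()
    counter = 1
    while len(out) < length:
        out += hashlib.new(hash_name, seed + struct.pack(">I", counter)).digest()
        counter += 1
    return bytes(out[:length])


def generate_random_integer(seed: bytes, n: int, hash_name: str = "sha256",
                            max_tries: int = 1000) -> int:
    """Deterministically derive an integer from seed, following the procedure
    described in the thread: draw candidates with the same bit length as
    n-1 from the KDF until one is below n-1, then return it plus 1.
    ASSUMPTION: each attempt prefixes a 4-byte big-endian attempt counter to
    the seed before running KDF2, and the candidate is masked to the bit
    length of n-1; verify this framing against Crypto++ before relying on it."""
    if n < 2:
        raise ValueError("n must be at least 2")
    bound = n - 1
    nbits = bound.bit_length()
    nbytes = (nbits + 7) // 8
    for attempt in range(max_tries):
        block = kdf2(struct.pack(">I", attempt) + seed, nbytes, hash_name)
        candidate = int.from_bytes(block, "big") & ((1 << nbits) - 1)
        if candidate < bound:  # rejection sampling: no modulo bias toward small values
            return candidate + 1
    raise RuntimeError("no candidate below n-1 after %d tries" % max_tries)


if __name__ == "__main__":
    # Constructed sample inputs: a fixed seed and a small bound, not real key material.
    sample_seed = b"constructed test seed, not a real key"
    print(generate_random_integer(sample_seed, 1000))
    print(generate_random_integer(sample_seed, 1000, "sha1"))
```

Because the result depends only on the seed and the hash, the same function run in the Python test and a matching C++ build will agree exactly once the framing has been confirmed, and a mismatch pinpoints a difference in the KDF or the masking rather than in the hash.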
