That seems like a good idea. The easiest way to do it would probably be to modify GenerateRandom() to accept a new optional parameter, say "DeterministicRNG", which can be used to set the algorithm to P1363_KDF2<SHA256> instead of P1363_KDF2<SHA1>.
--------------------------------------------------
From: "Zooko Wilcox-O'Hearn" <[email protected]>
Sent: Tuesday, May 12, 2009 7:05 PM
To: "Wei Dai" <[email protected]>
Cc: "Crypto++ Users" <[email protected]>
Subject: Re: secure deterministic private key generation (was: RandomPool and Integer Randomize Problem)

> > On Mar 2, 2009, at 23:11 PM, Wei Dai wrote:
>
> >> Zooko, the functionality you want is already in Crypto++. Just do
> >> this:
> >>
> >> SecByteBlock seed;
> >> // fill seed here
> >> r.GenerateRandom(NullRNG(), MakeParameters(Name::Min(), 1)(Name::Max(), n)(Name::Seed(), ConstByteArrayParameter(seed)));
> >>
> >> This will be supported and be backwards compatible indefinitely.
> >> Internally it will use P1363_KDF2<SHA1> to generate random integers
> >> that are the same length as n-1, until one of them is less than
> >> n-1, then it returns that number plus 1. Not too different from
> >> your code, actually.
>
> I want to make sure that I understand the algorithm and can
> regenerate the same keys later, so I intend to write unit tests which
> generate keys, and then compute the same algorithm (based on
> P1363_KDF2) in the test code (in Python) and assert that they get the
> same result.
>
> I wonder if I can write a bit of C++ code so that I can do both the C++
> version and the Python version using SHA-256 instead of SHA1. I
> know that SHA1 is probably okay for this use, where all we require of
> it is "unpredictable and well distributed output given unpredictable
> and well distributed input", and as far as anyone knows SHA1 can do
> that, but certainly we don't have any use of SHA1 anywhere else in
> our formats right now, and it would be nice in the future to be able
> to simply say "No SHA1 anywhere in here.".
>
> For example, people could then implement Tahoe without implementing
> SHA1 at all.
>
> So I think I'll look into what it would take to implement the same
> functionality that the above GenerateRandom() has, but with SHA-256.
>
> What do you think?
> > Regards,
> > Zooko
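The seed-to-integer loop that the quoted message describes (a P1363 KDF2 byte stream, candidates of the same bit length as n-1, rejection until one is below n-1, then +1), written with SHA-256 as Zooko asks about, as an added Python example. This is not code from Crypto++ or from either participant, and it is not a bit-for-bit reproduction of Crypto++'s P1363_KDF2<SHA1>-based generator: the 4-byte big-endian counter starting at 1, the buffering in KDF2Stream and the high-bit masking are this example's own assumptions. It exists to show the kind of reference implementation a unit test could compare a C++ result against.

```python
import hashlib

# Added illustration, not Crypto++ code. Assumptions: KDF2 blocks are
# SHA-256(seed || I2OSP(counter, 4)) with the counter starting at 1
# (IEEE P1363 KDF2 convention); candidates are masked to exactly
# bit_length(n-1) bits.


def kdf2_block(seed: bytes, counter: int) -> bytes:
    """One KDF2 block: Hash(seed || I2OSP(counter, 4))."""
    return hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()


def kdf2_sha256(seed: bytes, length: int) -> bytes:
    """IEEE P1363 KDF2 with SHA-256, concatenated blocks truncated to `length` bytes."""
    out = bytearray()
    counter = 1
    while len(out) < length:
        out += kdf2_block(seed, counter)
        counter += 1
    return bytes(out[:length])


class KDF2Stream:
    """Deterministic byte source: successive reads return successive bytes of
    kdf2_sha256(seed, ...), so everything drawn is fixed by the seed alone."""

    def __init__(self, seed: bytes):
        self._seed = seed
        self._counter = 1
        self._buf = b""

    def read(self, n: int) -> bytes:
        while len(self._buf) < n:
            self._buf += kdf2_block(self._seed, self._counter)
            self._counter += 1
        out, self._buf = self._buf[:n], self._buf[n:]
        return out


def deterministic_integer(seed: bytes, n: int) -> int:
    """Integer in [1, n-1] derived from seed, following the loop described in
    the thread: draw candidates with the bit length of n-1 until one is less
    than n-1, then return that candidate plus 1.

    Masking to exactly bit_length(n-1) bits means each candidate is accepted
    with probability at least 1/2, so the rejection loop terminates quickly
    and the accepted value is uniform over [0, n-2] given uniform KDF output.
    """
    if n < 2:
        raise ValueError("n must be at least 2")
    bound = n - 1
    bits = bound.bit_length()
    nbytes = (bits + 7) // 8
    mask = (1 << bits) - 1
    stream = KDF2Stream(seed)
    while True:
        candidate = int.from_bytes(stream.read(nbytes), "big") & mask
        if candidate < bound:
            return candidate + 1


def regeneration_check(seed: bytes, n: int) -> bool:
    """The property Zooko's unit tests want: the same seed yields the same key."""
    return deterministic_integer(seed, n) == deterministic_integer(seed, n)


if __name__ == "__main__":
    # Constructed sample seed and bound for the demonstration; a real seed
    # would be secret, uniformly random data.
    seed = bytes(range(32))
    n = 1 << 255
    key = deterministic_integer(seed, n)
    print(f"derived integer: {key:x}")
    print("regenerates from the same seed:", regeneration_check(seed, n))
```

Comparing this against a C++ build of the same scheme is only meaningful if both sides agree on the KDF2 counter encoding, the byte-to-integer mapping and the masking rule; those are exactly the details a cross-language test should pin down before any key is generated with it.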
