> Under cryptopp 4.2, bufSeedIV is always the same, resulting in a bufHash 
> and m_bufIV which are always the same. 
> Under cryptopp 5.6.4 however, bufSeedIV is always different, this is our 
> problem.
> As far as I can figure, the RandomPool implementation changed over time, 
> but I could be wrong.

Yeah, it changed around May 2007. Here's the [imported] git commit: 

I'll get the documentation updated. I dont think the sources or Doxygen 
have a treatment. There's just a blurb on the wiki at 

Any guidance would be appreciated!

You are not the first person who has experienced an issue. I seem to recall 
another person was quite pissed off at the change.

I'm wondering if we should provide a legacy generator to give folks a path 
for a migrations. Its easy enough to provide RandomPool_MDC_SHA and say 
"don't use this". Or keep it out of the library and provide it on the Patch 
Page at https://cryptopp.com/wiki/RandomNumberGenerator#RandomPool .

SHA as a PRF should be OK for those willing to accept it. The SHA cracks 
are due to collisions and the birthday attack. I don't know about MDC, 

Until this issue is disposed, maybe the following will help you:

    $ git clone https://github.com/weidai11/cryptopp cryptopp-ancient
    $ cryptopp-ancient

    # Checkout the RandomPool change
    $ git checkout f41245df6fb9b85574260eca9cd32777e8ab5136
    # Go back one more
    git checkout HEAD~1

    $ grep 'MDC<SHA>' *.h *.cpp
    randpool.cpp:typedef MDC<SHA> RandomPoolCipher;

And there's the old generator.


You received this message because you are subscribed to the "Crypto++ Users" 
Google Group.
To unsubscribe, send an email to cryptopp-users-unsubscr...@googlegroups.com.
More information about Crypto++ and this group is available at 
You received this message because you are subscribed to the Google Groups 
"Crypto++ Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cryptopp-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to