> Under cryptopp 4.2, bufSeedIV is always the same, resulting in a bufHash 
> and m_bufIV which are always the same. 
> Under cryptopp 5.6.4 however, bufSeedIV is always different, this is our 
> problem.
>
> As far as I can figure, the RandomPool implementation changed over time, 
> but I could be wrong.
>

Yeah, it changed around May 2007. Here's the [imported] git commit: 
https://github.com/weidai11/cryptopp/commit/f41245df6fb9b85574260eca9cd32777e8ab5136

I'll get the documentation updated. I don't think the sources or Doxygen 
have a treatment. There's just a blurb on the wiki at 
https://cryptopp.com/wiki/RandomNumberGenerator#RandomPool.

> Any guidance would be appreciated!
>

You are not the first person who has experienced an issue. I seem to recall 
another person was quite pissed off at the change.

I'm wondering if we should provide a legacy generator to give folks a path 
for a migration. It's easy enough to provide RandomPool_MDC_SHA and say 
"don't use this". Or keep it out of the library and provide it on the Patch 
Page at https://cryptopp.com/wiki/RandomNumberGenerator#RandomPool .

SHA as a PRF should be OK for those willing to accept it. The SHA cracks 
are due to collisions and the birthday attack. I don't know about MDC, 
however.

Until this issue is disposed, maybe the following will help you:

    $ git clone https://github.com/weidai11/cryptopp cryptopp-ancient
    $ cd cryptopp-ancient

    # Check out the RandomPool change
    $ git checkout f41245df6fb9b85574260eca9cd32777e8ab5136

    # Go back one more commit
    $ git checkout HEAD~1

    $ grep 'MDC<SHA>' *.h *.cpp
    randpool.cpp:typedef MDC<SHA> RandomPoolCipher;

And there's the old generator.

Jeff
