Sent: Monday, 24 February 2020 at 17:00
From: "Kostas Savvidis via Boost"
On Feb 24, 2020, at 12:34, Mike via Boost wrote:
I can't speak for the boost community, but I guess another big question mark is probably long term support and response to security vulnerabilities.
+1 --- If it is not written by people with academic credentials in cryptography and does not come with an independent security audit from the same it should be a clear no go.
I have to wonder though: Did/does OpenSSL/LibreSSL actually satisfy those criteria? I mean, we are (hopefully) not talking about inventing new crypto algorithms, but rather having a new implementation for existing ones. I'm not sure if you really need a degree in cryptology to write one (unless the specs are so complicated that no one else can understand them, of course). I'm much more concerned with e.g. avoiding the likes of Heartbleed and making sure one has a true source of random numbers.

But yes, such a library would definitely need an audit by experts in the field to make sure the algorithms are implemented correctly. And as Alexander pointed out, there needs to be a way to patch bugs and update the lib outside of the regular Boost distribution (btw, that is a general concern I have with libraries that process network traffic).

Best
Mike
Best, Kostas Savvidis
============================================================================================
Institute of Nuclear and Particle Physics
NCSR Demokritos
https://github.com/kotika/random
https://mixmax.hepforge.org