Cryptography and D
Kagamin via Digitalmars-d
digitalmars-d at puremagic.com
Sun Jul 6 06:49:56 PDT 2014
On Saturday, 5 July 2014 at 21:50:59 UTC, Nick Sabalausky wrote:
> Secondly, if the difficulty you're referring to is all the
> various side-channel attacks (like buffer overflows, timing
> attack, etc), then you're conflating crypto and security. The
> two are certainly related, but they are NOT the same.
It's called Fleming cryptanalysis :)
> 3. Too late anyway: See std.digest. Besides, if anything,
> std.digest is arguably *worse* because (until 2.066) it only
> provides the worst choices. std.random isn't much better.
> Granted, it doesn't claim to be crypto-grade, but it doesn't
> clearly state that it *isn't* and that's just as bad: People
> are going to to decide (incorrectly) they can use it to
> generate salts or tokens or whatever, and they will do so.
> Heck, *I've* even done it, and *I'm* someone who actually knows
> better.
The default PRNG is routinely used for salt generation :)
Granted, your library makes it easier to use good salts. Though,
it needs examples or tutorials, how to actually use the library
correctly.
More information about the Digitalmars-d
mailing list