[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-core-devel
Subject: Re: [RFC] Support for /dev/urandom in kdelibs
From: Michael Buesch <mbuesch () freenet ! de>
Date: 2004-12-30 12:06:41
Message-ID: 200412301306.46707.mbuesch () freenet ! de
[Download RAW message or body]
Quoting Brad Hards <bradh@frogmouth.net>:
> On Thu, 30 Dec 2004 21:59 pm, Michael Buesch wrote:
> > See KEntropySource as some kind of experimental stuff. I'm just
> > playing around.
> > But I see. Maybe it's over-designed.
> I think that it is a bit messy, because the "randomness" part of the API (the
> Source enum) is really part of the implementation, and that normally
> indicates a design problem.
> Also, the number of methods in QIODevice (and QDataStream) that don't really
> have any meaning is probably a bad sign too. As a user, I think of questsions
> such as "Why should I open()? Why should I need to close()? Why can't the
> KRandomiser class handle that for me?"
>
> > A usage for this maybe my application PwManager.
> > Currently I use this:
> > http://webcvs.kde.org/kdeextragear-3/pwmanager/pwmanager/randomizer/randomi
> >zer.h?rev=1.2&view=markup
> >
> > It also works with the >> operator but without QDataStream, so
> > it's easier to use.
> I think I like the explicit static methods better, but I could probably add
> operator>> (or operator<<) to QCA::Random if that would help.
>
> I think that QCA (see kdesupport/qca/ for current CVS) could help enormously
> with PwManager (since it will provide nice crypto primitives including
> hashing and ciphers, convenient handling for keys, salts, secure memory, and
> so on). That is the real attraction of doing the cryptographic level
> randomness stuff in QCA - it can return a QCA::InitializationVector, rather
> than having to be a QByteArray which is a bit easy to mix up with another
> QByteArray that has the key, or yet another QByteArray that has the data you
> wanted to run through HMAC.... Maybe you could take a look at QCA, and
> provide feedback? Patches are great feedback too :)
I already looked at it in the past. It's nice and I considered usage of it
in PwManager.
I'm sorry that i can't provide patches as I've got more than enough work
pending in millions of other projects. ;)
And yes, you are right. KEntropySource is over-designed
and not really neccessary.
But I still want to see a standardized random data source in KDE. QCA might
do a nice job there.
Thanks for your feedback.
> Brad
>
--
Regards Michael Buesch [ http://www.tuxsoft.de.vu ]
[Attachment #3 (application/pgp-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic