Upcoming Improvements to the Python Bindings
The Python bindings for botan are being substantially reworked and expanded in the next development release, and will soon become an officially supported feature.
A quick taste of some of the current interfaces follows after the break.
Posted in devnotes at 2009/10/13 18:16; 0 comments
In the SHA-3 contest, 14 of the candidate algorithms have made it to the second round as possible finalists.
I have added an implementation of Blue Midnight Wish (BMW), one of the round 2 algorithms, to the development releases of botan. Only the 512-bit variant is currently supported, since that is much faster on 64 bit processors than the 256-bit hash and, presumably, at least as secure. BMW is very fast, and is probably the fastest of all the round 2 candidates. Its design is quite unusual, so it is entirely possible that a break in the algorithm will be found at some point; its current inclusion in botan should therefore be considered to be for evaluation purposes only.
On a 2.4 GHz Core2 Kentsfield, the current implementation clocks in at 315 mebibytes per second, while on a 2.5 GHz PowerPC 970FX I'm seeing around 222 MiB/s. In comparison, Skein-512 on the same processors runs at 275 and 202 MiB/s (respectively), so Skein achieves about 85%-90% of the throughput of Blue Midnight Wish.
Posted in devnotes at 2009/10/08 19:56; 0 comments
The designers of the Skein hash function have published a small tweak to the algorithm for the second round of the SHA-3 competition. A new search technique has been used to generate an updated set of rotation constants in the Threefish round function, which increase the diffusion of the block cipher used in Skein.
This means there are effectively two incompatible versions of Skein - the original design, and the tweaked version. Botan has contained an implementation of Skein-512 since version 1.8.3, which used the original rotation constants. A change has already been checked into source control which alters the implementation to use the new tweaked constants; these will be used in future releases.
Unfortunately this means botan's Skein implementation will be incompatible not only with the previous versions, but also with most other existing Skein implementations. However, it seems reasonable to think that most other implementations will be modified to use the tweaked variant relatively shortly.
For the record, I think it would be unwise to use Skein (either the original or the tweaked version) in new systems just yet - while some analysis has been done, suggesting that Skein is in fact quite strong, it is still very early in the SHA-3 process and vulnerabilities may well be discovered between now and the SHA-3 conference next summer.
Posted in devnotes at 2009/09/16 10:59; 0 comments
Algorithm Benchmarking and Provider Selection in Botan 1.8
A major driver for Botan's performance in the last couple of years has been its use in Monotone, a distributed revision control system. There were two major design decisions made by Monotone's developers which caused Botan to become a bottleneck in Monotone's performance. This post is about those design decisions, and the changes made in the last two years during the 1.7 development process intended to improve Monotone's performance.
Posted in devnotes at 2008/11/22 15:39; 0 comments
A Key Derivation Function (KDF) is a function that takes a secret input of possibly non-uniform distribution (like a password, or the result of a Diffie-Hellman key exchange) and generates one or more keys which are uniformly random and pairwise independent. But these are not guarantees - typically, if you can break some trusted cryptographic primitive, you can break the KDF. For instance, if you can easily invert SHA-1, then you could break a KDF based on SHA-1 by taking one of the resulting derived keys, inverting it to get the master key, and then rederiving the rest of the keys. The hope is that inverting SHA-1 is hard to do.
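As an added illustration (not code from this post or from Botan itself), the following implements KDF2, the ISO 18033-2 counter-mode KDF that Botan also provides, on top of hashlib, and uses it to split one shared secret into separate encryption and MAC keys; the shared secret and transcript values are constructed samples.

```python
import hashlib


def kdf2(secret: bytes, out_len: int, salt: bytes = b"", hash_name: str = "sha256") -> bytes:
    """KDF2 (ISO 18033-2): concatenate H(secret || counter || salt) for
    counter = 1, 2, ... (32-bit big-endian) and truncate to out_len bytes.
    Each output block depends on the whole secret, so recovering the secret
    from a derived key is as hard as inverting the hash on that block."""
    out = b""
    counter = 1
    while len(out) < out_len:
        h = hashlib.new(hash_name)
        h.update(secret)
        h.update(counter.to_bytes(4, "big"))
        h.update(salt)
        out += h.digest()
        counter += 1
    return out[:out_len]


def derive_session_keys(shared_secret: bytes, transcript: bytes) -> dict:
    """Turn one non-uniform secret (e.g. a DH result) into purpose-bound keys.
    The salt carries a purpose label plus the handshake transcript, so the
    encryption and MAC keys are computed from different hash inputs rather
    than being two slices of the same output stream."""
    return {
        "enc": kdf2(shared_secret, 32, b"encryption|" + transcript),
        "mac": kdf2(shared_secret, 32, b"mac|" + transcript),
    }


# Constructed sample values (hypothetical): a DH shared secret is a group
# element, not a uniform byte string, which is exactly why a KDF is needed.
SAMPLE_SHARED_SECRET = b"\x00" * 12 + b"constructed-dh-shared-secret-sample"
SAMPLE_TRANSCRIPT = b"constructed-handshake-transcript"


if __name__ == "__main__":
    keys = derive_session_keys(SAMPLE_SHARED_SECRET, SAMPLE_TRANSCRIPT)
    for purpose, key in keys.items():
        print(purpose, key.hex())
```

Note that a shorter KDF2 output is always a prefix of a longer one from the same inputs, so distinct keys must be separated by the salt (or by slicing one longer derivation), never by requesting different lengths.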
Posted in devnotes at 2008/05/14 10:31; 0 comments