Botan News

Tue, 07 Apr 2009

Botan 1.8.2: Entropy seeding improvements, GOST 34.11 hash function

A new release of botan is tagged in the monotone repository, and tarballs are available.

Entropy polling for the PRNG has been sped up quite a bit, mostly by removing redundant operations and by maintaining a target bit count to collect: once that goal is reached, the poll stops. Since entropy sources are scanned (more or less) in order from fastest to slowest, this tends to improve the runtime of an entropy poll quite noticeably.
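The stop-at-goal polling described above, as an added example in C++. This is not Botan's code or API: the EntropyPoller and EntropySource names, the per-source credit caps and the three constructed sources are assumptions made for illustration. Sources register fastest first, each poll appends bytes to the pool and returns the number of bits the source claims for them, and polling stops as soon as the credited count reaches the target. A cap on what each source may be credited is added so that an optimistic self-estimate cannot end the poll early on its own.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <functional>
#include <string>
#include <utility>
#include <vector>

// Hypothetical goal-driven entropy poller (added example, not Botan's API).
// Sources are registered fastest-first. Each poll appends raw bytes to the pool
// and returns the entropy bits the source *claims* for them; the poller credits
// at most max_credit_bits of that claim.
struct EntropySource {
    std::string name;
    size_t max_credit_bits;
    std::function<size_t(std::vector<uint8_t>&)> poll;
};

class EntropyPoller {
public:
    explicit EntropyPoller(size_t target_bits) : target_bits_(target_bits) {}

    void add_source(EntropySource src) { sources_.push_back(std::move(src)); }

    // Polls sources in registration order and stops as soon as the credited
    // bit count reaches the target. Returns how many sources were polled.
    size_t poll() {
        credited_bits_ = 0;
        polled_.clear();
        for (const EntropySource& src : sources_) {
            if (credited_bits_ >= target_bits_)
                break;                       // goal reached: skip the slower sources
            size_t claimed = src.poll(pool_);
            credited_bits_ += std::min(claimed, src.max_credit_bits);
            polled_.push_back(src.name);
        }
        return polled_.size();
    }

    size_t credited_bits() const { return credited_bits_; }
    const std::vector<std::string>& polled() const { return polled_; }
    // Everything collected stays in the pool (a real PRNG hashes all of it into
    // its state); the credit estimate only decides when to stop polling.
    const std::vector<uint8_t>& pool() const { return pool_; }

private:
    size_t target_bits_;
    size_t credited_bits_ = 0;
    std::vector<EntropySource> sources_;
    std::vector<std::string> polled_;
    std::vector<uint8_t> pool_;
};

// Constructed stand-ins for real sources, ordered fast to slow. The byte
// patterns are fixed so the example runs offline; they carry no real entropy.
EntropyPoller build_demo_poller(size_t target_bits) {
    EntropyPoller poller(target_bits);
    // A timer read: 8 bytes, optimistically claims 64 bits, credited only 16.
    poller.add_source({"timer", 16, [](std::vector<uint8_t>& pool) -> size_t {
        for (uint8_t b = 0x10; b < 0x18; ++b) pool.push_back(b);
        return 64;
    }});
    // An OS RNG read: 32 bytes, claims and is credited 256 bits.
    poller.add_source({"os-rng", 256, [](std::vector<uint8_t>& pool) -> size_t {
        for (unsigned i = 0; i < 32; ++i) pool.push_back(uint8_t(0xA0 + i));
        return 256;
    }});
    // A slow daemon/network source: 16 bytes, claims 128 bits. With a 256-bit
    // target it is never reached, because the first two sources already suffice.
    poller.add_source({"slow-daemon", 128, [](std::vector<uint8_t>& pool) -> size_t {
        for (unsigned i = 0; i < 16; ++i) pool.push_back(uint8_t(0xC0 + i));
        return 128;
    }});
    return poller;
}

int main() {
    for (size_t target : {size_t(256), size_t(512)}) {
        EntropyPoller p = build_demo_poller(target);
        size_t n = p.poll();
        std::printf("target %zu bits: polled %zu source(s), credited %zu bits, pool %zu bytes\n",
                    target, n, p.credited_bits(), p.pool().size());
    }
    return 0;
}
```

With a 256-bit target the slow third source is never consulted; raise the target to 512 and all three are polled. Whatever the credit arithmetic says, every byte collected still goes into the pool: the estimate decides only when to stop, never what is fed to the PRNG.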

The GOST 34.11 hash function has been added. This hash function is standardized in Russia, and uses the GOST 28147 block cipher as a cryptographic component. RFC 4357 specifies a particular set of sboxes for the GOST cipher for use in the 34.11 hash function. Adding support for 34.11 required modifying the block cipher implementation, and it now supports the standard 'test' sboxes as well as the RFC 4357 parameters. The so-called 'test' parameters are commonly used in other GOST 28147 software implementations (such as in Crypto++ and BeeCrypt), and, according to Wikipedia, are also used by the Russian Central Bank.

One caveat: the previous implementation of GOST 28147 used a completely non-standard set of sboxes. These sboxes are not supported any longer. Introducing an incompatible change in a point release is normally not very nice, but it seems justifiable here, as the API document has stated for years:

Generally, cryptographic algorithms are well standardized, thus compatibility between implementations is relatively simple (of course, not all algorithms are supported by all implementations). But there are a few algorithms which are poorly specified, and these should be avoided if you wish your data to be processed in the same way by another implementation (including future versions of Botan).

The block cipher GOST has a particularly poor specification: there are no standard Sboxes [...]

If necessary, a new sbox parameter set corresponding to the one used in previous versions of botan could be defined.
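To make the sbox caveat concrete, here is GOST 28147-89 with a selectable sbox parameter set, added as an example that is not Botan's implementation. The two tables are transcribed from the GOST R 34.11-94 'test' parameters and from RFC 4357 section 11.2 (id-GostR3411-94-CryptoProParamSet); the nibble-to-row orientation, the class and function names, and the demonstration key and block are assumptions of this example. It encrypts one block under each set, then decrypts the 'test' ciphertext with the CryptoPro set, which is exactly what happens when two implementations silently disagree on sboxes.

```cpp
#include <array>
#include <cstdint>
#include <cstdio>

// GOST 28147-89 with a selectable S-box set (added example, not Botan's code).
// Rows transcribed from the GOST R 34.11-94 "test" parameters and RFC 4357
// section 11.2 (id-GostR3411-94-CryptoProParamSet); row j acts on nibble j,
// least significant nibble first. That orientation is one of two conventions
// in use: check against the spec's test vectors before relying on it.
struct GostParams { const char* name; uint8_t sbox[8][16]; };

static const GostParams GOST_R3411_94_TEST = {"R3411_94_TestParam", {
    { 4, 10,  9,  2, 13,  8,  0, 14,  6, 11,  1, 12,  7, 15,  5,  3},
    {14, 11,  4, 12,  6, 13, 15, 10,  2,  3,  8,  1,  0,  7,  5,  9},
    { 5,  8,  1, 13, 10,  3,  4,  2, 14, 15, 12,  7,  6,  0,  9, 11},
    { 7, 13, 10,  1,  0,  8,  9, 15, 14,  4,  6, 12, 11,  2,  5,  3},
    { 6, 12,  7,  1,  5, 15, 13,  8,  4, 10,  9, 14,  0,  3, 11,  2},
    { 4, 11, 10,  0,  7,  2,  1, 13,  3,  6,  8,  5,  9, 12, 15, 14},
    {13, 11,  4,  1,  3, 15,  5,  9,  0, 10, 14,  7,  6,  8,  2, 12},
    { 1, 15, 13,  0,  5,  7, 10,  4,  9,  2,  3, 14,  6, 11,  8, 12}}};

static const GostParams GOST_R3411_CRYPTOPRO = {"R3411_CryptoPro", {
    {10,  4,  5,  6,  8,  1,  3,  7, 13, 12, 14,  0,  9,  2, 11, 15},
    { 5, 15,  4,  0,  2, 13, 11,  9,  1,  7,  6,  3, 12, 14, 10,  8},
    { 7, 15, 12, 14,  9,  4,  1,  0,  3, 11,  5,  2,  6, 10,  8, 13},
    { 4, 10,  7, 12,  0, 15,  2,  8, 14,  1,  6,  5, 13, 11,  9,  3},
    { 7,  6,  4, 11,  9, 12,  2, 10,  1,  8,  0, 14, 15, 13,  3,  5},
    { 7,  6,  2,  4, 13,  9, 15,  0, 10,  1,  5, 11,  8, 14, 12,  3},
    {13, 14,  4,  1,  7,  0,  5, 10,  3, 12,  8, 15,  6,  2,  9, 11},
    { 1,  3, 10,  9,  5, 11,  4, 15,  8,  6,  7, 14, 13,  0,  2, 12}}};

// Each row must be a permutation of 0..15; this catches transcription errors.
bool params_are_permutations(const GostParams& p) {
    for (int r = 0; r < 8; ++r) {
        unsigned seen = 0;
        for (int i = 0; i < 16; ++i) seen |= 1u << (p.sbox[r][i] & 0xF);
        if (seen != 0xFFFFu) return false;
    }
    return true;
}

class Gost28147 {
public:
    Gost28147(const GostParams& p, const uint8_t key[32]) : p_(&p) {
        for (int i = 0; i < 8; ++i) k_[i] = le32(key + 4 * i);   // eight little-endian subkeys
    }
    void encrypt(const uint8_t in[8], uint8_t out[8]) const { crypt(in, out, true); }
    void decrypt(const uint8_t in[8], uint8_t out[8]) const { crypt(in, out, false); }
private:
    static uint32_t le32(const uint8_t* b) {
        return uint32_t(b[0]) | (uint32_t(b[1]) << 8) | (uint32_t(b[2]) << 16) | (uint32_t(b[3]) << 24);
    }
    static void put_le32(uint8_t* b, uint32_t v) { for (int i = 0; i < 4; ++i) b[i] = uint8_t(v >> (8 * i)); }
    // Round function: substitute each nibble through its S-box row, rotate left 11.
    uint32_t f(uint32_t x) const {
        uint32_t y = 0;
        for (int j = 0; j < 8; ++j) y |= uint32_t(p_->sbox[j][(x >> (4 * j)) & 0xF]) << (4 * j);
        return (y << 11) | (y >> 21);
    }
    // 32 Feistel rounds: encryption runs k0..k7 three times then k7..k0,
    // decryption runs k0..k7 once then k7..k0 three times.
    void crypt(const uint8_t in[8], uint8_t out[8], bool enc) const {
        uint32_t n1 = le32(in), n2 = le32(in + 4);
        for (int i = 0; i < 32; ++i) {
            int k = enc ? (i < 24 ? i % 8 : 7 - i % 8) : (i < 8 ? i : 7 - i % 8);
            uint32_t t = n2 ^ f(n1 + k_[k]);
            n2 = n1; n1 = t;
        }
        put_le32(out, n2);   // no swap after the final round
        put_le32(out + 4, n1);
    }
    const GostParams* p_;
    uint32_t k_[8];
};

// Constructed key and block for the demonstration (not spec test vectors).
static const uint8_t DEMO_KEY[32] = {
    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
    0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F};
static const std::array<uint8_t, 8> DEMO_PT = {0xEF, 0xCD, 0xAB, 0x89, 0x67, 0x45, 0x23, 0x01};

// One block under DEMO_KEY with the given S-box set; enc=false decrypts.
std::array<uint8_t, 8> gost_block(const GostParams& p, const uint8_t in[8], bool enc) {
    std::array<uint8_t, 8> out;
    Gost28147 c(p, DEMO_KEY);
    if (enc) c.encrypt(in, out.data()); else c.decrypt(in, out.data());
    return out;
}

static void show(const char* label, const uint8_t* b) {
    std::printf("%-32s", label);
    for (int i = 0; i < 8; ++i) std::printf("%02x", b[i]);
    std::printf("\n");
}

int main() {
    std::array<uint8_t, 8> ct = gost_block(GOST_R3411_94_TEST, DEMO_PT.data(), true);
    show("plaintext", DEMO_PT.data());
    show("ciphertext, test params", ct.data());
    show("ciphertext, CryptoPro params", gost_block(GOST_R3411_CRYPTOPRO, DEMO_PT.data(), true).data());
    show("test ct decrypted w/ CryptoPro", gost_block(GOST_R3411_CRYPTOPRO, ct.data(), false).data());
    return 0;
}
```

The permutation check is the cheapest guard against a mistyped table, but it says nothing about which table a peer is using; only a known-answer test against the parameter set the peer documents (or, for 34.11, the hash's own test vectors) does that. An implementation shipping sboxes found in no published parameter set, as earlier versions of botan did, passes the permutation check and still interoperates with nothing.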

It was noticed that the datestamp for this release, 20090407, is a prime number. This seemed quite neat, and it has henceforth been decided that all future releases of botan will occur on similar 'prime days'.

Posted in releases at 2009/04/07 20:53; 0 comments
