Talk:Crypto++
This is the talk page for discussing improvements to the Crypto++ article. This is not a forum for general discussion of the article's subject. |
Article policies
|
Find sources: Google (books · news · scholar · free images · WP refs) · FENS · JSTOR · TWL |
Archives: 1 |
This article was nominated for deletion on 9 August 2010. The result of the discussion was keep. |
This article is rated C-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects: | ||||||||||||||||||||||||||
|
Primary Sources - NOR Issue
editThis might be a good time to mention that Google groups can't really be used as a source for facts in the article. Matter a fact, primary sources shouldn't be used at all except in special/sparing situations.
More info: Wikipedia:NOR
Primary sources should be replaced with secondary source before the article gets into Original Research problems.
-- ℐℴℯℓ ℳ. ℂℌAT ✐ 06:53, 11 August 2010 (UTC)
- > This might be a good time to mention that Google groups can't really
- > be used as a source for facts in the article.
- Most of the time, Wei will only respond to inquiries on the list so it is available to everyone. Other times, its the only place that Wei will have responded (ie, he did not place it on the Crypto++ website). I'll definitely need help with this.
- Jeff Noloader (talk) 07:29, 11 August 2010 (UTC)
- Yea I know but it doesn't matter what or where Wei resounds to, whatever Wei says can't be used. Only information from a third party can be used.
- It's like if there's an article about something I made. I made claims for everyone to see on Google groups such as, "my new widget is capable of growing your hair if applied to the scalp." Then an editor writes in the article, "Joel is the inventor of the hair widget that grows hair if applied to the scalp." The editor reasons that if I'm the inventor that the info is reliable enough for the encyclopedia. See the problem?
- Primary sources should be avoided. Primary sources from Google groups should not even be thought about.
- Remember that it is a lot better to have less information than misinformation information. Also, if the information being put in the article is really noteworthy, other people would have written about it (third party sources).
- Ryan Norton said, "There are plenty of sources; its often cited as a source in scholarly papers [...]."[1] Have you tried going to your local public library's website? They may have online databases for you to use. Those online resources may have scholarly papers that you can use in your research. -- ℐℴℯℓ ℳ. ℂℌAT ✐ 16:09, 11 August 2010 (UTC)
- Yeah, there's a paper that mentions this stuff out there someplace - the problem is a lot of them you have to pay to see ;p. Ryan Norton 16:14, 11 August 2010 (UTC)
Citation Required (AES/Camellia)
editIs the citation needed for (1) the fact that AES and Camellia are roughly equivalent, or (2) Crypto++ includes the Camellia cipher? If the previous, it was my hopes that 'roughly equivalent' painted with a broad enough brush so that a citation was not needed. Both are 16 byte block ciphers, and both are recognized/standardized by standards bodies.
- Found a statement claiming 'comparableness' between AES and Camellia: "Camellia is internationally recognized as the representative of Japanese ciphers and as the unique 128-bit block cipher that possesses the security level and processing capability equivalent to AES...." at http://www.physorg.com/news5315.html.
- Still need something for Whirlpool.
- Found the equivalency for SHA and Whirlpool: "Whirlpool is a one-way ... It was originally submitted to NESSIE (New European Schemes for Signatures, Integrity and Encryption) project and is the only hash function alongside SHA-256, SHA-384 and SHA-512 in the NESSIE portfolio." And in section 4 (security): "The hash code length is 512-bits, same as the longest hash code with SHA. According to NESSIE evaluation of Whirlpool...". See http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.98.6099&rep=rep1&type=pdf.
- Jeff Noloader (talk) 19:13, 12 August 2010 (UTC)
Additional secondary sources that can be refrenced
edit- Math Error Could Compromise Cryptographic Systems
- Groove Software Obtains Key Government Security Validations.
- VoteHere.net Announces New Advisory Board Members.
- Wei Dai is active in the area of cryptography and currently writes and maintains Crypto++, a free C++ class library for cryptography. Formerly, Mr. Dai worked in the Cryptography Research Group at Microsoft Corporation in Redmond, Washington. While at Microsoft, he was involved in the study, design and implementation of cryptosystems for specialized applications. Prior to joining Microsoft, Mr. Dai was a programmer with TerraSciences of Acton, Massachusetts. Mr. Dai holds a Bachelor of Science degree from the University of Washington in computer science, with a minor in mathematics.
Remember that you can cite the same source more than once. -- ℐℴℯℓ ℳ. ℂℌAT ✐ 17:07, 11 August 2010 (UTC)
Moving Crypto++ to CryptoPP
editI think Crypto++ isn't the best name for the article due to the URL being cumbersome. A human readable URL would work a lot better. The URL as of right now is /wiki/Crypto%2B%2B.
I propose that we move the article to CryptoPP and make Crypto++ a redirect to CryptoPP.
If we do decide to go ahead with the move, it would have to be after the whole WP:N issue is berried and done with. Also, the article should be edited so that CryptoPP is the dominating term used.
What do you guys think?
-- ℐℴℯℓ ℳ. ℂℌAT ✐ 02:01, 12 August 2010 (UTC)
- I think I prefer Crypto++ over CryptoPP out ouf [some sort of perverted C++] elegance (lol). But I won't complain either way. In C++, there is a notion on namespaces so that symbols (such as function names) don't clash. Crypto++ actually uses CryptoPP as a namespace, so if it is going to be changed, CryptoPP would be the choice.
- Jeff Noloader (talk) 02:17, 12 August 2010 (UTC)
- Forgot to mention.... I do agree with the observation. I actually send the link as /wiki/Crypto++. I assumed it was an application land (IE or FF) URL escape.
- Jeff Noloader (talk) 02:25, 12 August 2010 (UTC)
- This is how it looks in Google's results: img hosted at imageshack -- ℐℴℯℓ ℳ. ℂℌAT ✐ 03:53, 12 August 2010 (UTC)
- Please note that Crypto++ is the official name, while CryptoPP is just an alias that's used in situations where the plus sign can't be used. I think the title should remain "Crypto++" because the article on C++ is titled "C++" despite causing the URL to be /wiki/C%2B%2B. --Weidai (talk) 04:29, 12 August 2010 (UTC)
- The C++ naming argument pushed me over just a bit - I'd prefer it to stay.
- Jeff Noloader (talk) 03:27, 13 August 2010 (UTC)
Companies that use Crypto++ - Source does not fully support the facts
editThe quote that I pasted bellow has a citation that doesn't fully support the facts.
Companies that have used Crypto++ include Autodesk, Groove Networks, and Microsoft, in a range of applications from secure communications to secure collaboration. [2] |
The source points to a program called WinSSHD that uses the Crypto++ lib. The quote above claims that Autodesk, Groove Networks, and Microsoft make use of Crypto++ but the link only shows that WinSSHD makes use of the lib. This one citation can't hold up the claim put forward so I am going to remove it from the article until more sources can be found to support all the claims in the quote above.
It does not mean that the claim is untrue, it just means we need to find more sources that shows each of the systems mentioned make use of the Crypto++ lib. -- ℐℴℯℓ ℳ. ℂℌAT ✐ 04:11, 12 August 2010 (UTC)
- > Re: WinSSHD, Autodesk, Groove, etc.
- The citation for the press release stating something similar to, "Groove acquires key governemnt certification" was gutted. In the article, I believe there was a reference to the underlying Crypto++ library. Microsoft bought Groove, so as a wholly owned subsidiary, Microsoft uses Crypto++. (I also know Microsoft uses it internally for a handful of pet projects, but that's from sidebar conversations with some MS folks which I cannot substantiate without making available private emails).
- Jeff Noloader (talk) 16:06, 12 August 2010 (UTC)
Note: Microsoft Groove is now called Microsoft SharePoint Workspace btw. Ryan Norton 00:19, 13 August 2010 (UTC)
Developer - Infobox
editIsn't Crypto++ open source? The info box says Developer: Wei Dai, wouldn't it be more appropreate to say Maintainer since the library is developed by the community? I'm going to look around at other open source articles to see how it's phrased. I'll do that tomorrow, I'm heading to bed now. -- ℐℴℯℓ ℳ. ℂℌAT ✐ 04:25, 12 August 2010 (UTC)
- Hmmmm..... Crypto++ is open source. And Wei Dai is the lone developer who controls the sources (there is no Crypto++ team). So I believe it is correct. The differences in meaning of Developer(s) versus Maintainer(s), should be taken up by the language lawyers, or other more knowledgeable folks (more knowlegeable than me, which is not too hard).
- > I'm going to look around at other open source articles to see how it's phrased. I'll do that tomorrow
- OK. Have a look at OpenSSL, Botan, and TrueCrypt
Indeed, it's kind of unusual but Wei Dai has solely controlled the source the whole time to my knowledge. You could say "Wei Dai with contributions from others" but that's kind of redundant and probably a bit misleading no matter how you word it as people might think it is in traditional way of "contributers". Ryan Norton 00:50, 13 August 2010 (UTC)
- Am I the only dork that has no ties with this project? haha
- So Dai has never gotten a code contribution from anyone? Don't people report bugs so he can fix them? That counts as contribution from the community. There is a Crypto++ community because they have a wiki and mailing list, unless Dai likes to email him self... -- ℐℴℯℓ ℳ. ℂℌAT ✐ 02:07, 13 August 2010 (UTC)
- ROFLMAO (not really, just soda up the nose)
- > So Dai has never gotten a code contribution from anyone
- Yes, Wei has received and incorporated other's patches. But if he does not want the patch, he won't incorporate it even if needed (hence, 'tightly controlled'). At other times, he will capture the essence of a patch, but roll his own, separate, distinct implementation. Perhaps he does it for copyright reasons - I've never asked.
- Signed, Jeff Noloader (talk) 03:24, 13 August 2010 (UTC)
LOL.... well I don't have any ties to the project actually. Anyway it's more the wording - perhaps "Wei Dai with independant contributions"? I guess it is closer to the Linux development model, sans the heirarchy and that level of colloboration(sp?). Ryan Norton 03:27, 13 August 2010 (UTC)
- Forogt to mention (but you might have concluded) - Wei is the only person who can check in code at the SVN repository (unlike OpenSSL, which has a team of developers). If there are others, I'm not aware of them. I've often wondered what will happen to Crypto++ if Wei ever looses the ability to maintain it.
Noloader (talk) 03:45, 13 August 2010 (UTC)
- >"If there are others, I'm not aware of them. I've often wondered what will happen to Crypto++ if Wei ever looses the ability to maintain it." -- ℐℴℯℓ ℳ. ℂℌAT ✐ 04:44, 13 August 2010 (UTC)
Performance (Vagueness)
editHi Zoohouse,
I believe I removed the vagueness. Please verify it meets Wikipedia's standards.
Jeff —Preceding unsigned comment added by Noloader (talk • contribs) 18:20, 12 August 2010 (UTC)
- Considering I'm logged in, why does User:SineBot chose to agitate me with messages when I forget to sign? Why does Wikipedia not apply the [auto] signature without the need for badgering?
- I know its only four keystrokes, but on occasion I forget to add them.
- Jeff Noloader (talk) 18:26, 12 August 2010 (UTC)
- It's better but it's still vague.
Speed tests carried out by Timo Bingmann showed Crypto++ consistently met or exceeded the performance of seven open source libraries using 15 different block ciphers.[3] According to Bingmann's results, Crypto++ was the top performing library under two block ciphers, and did not rank below the average library performance under the remaining block ciphers.
- Is there an actual quote from the source that claims Crypto++ consistently met or exceeded the performance of seven open source libraries while using 15 different block ciphers or does the reader have to read the whole article and reason for themselves that the claim is true?
- If the latter is true, then the claim can be challenged as Orginal Researh and/or lacking NPOV. WP:NOR says, "[Original research] also refers to any analysis or synthesis by Wikipedians of published material, where the analysis or synthesis advances a position not advanced by the sources."
- Also keep in mind that this test: Comparative Analysis of Software Libraries for Public Key Cryptography found that, "CryptoPP leads in terms of support for cryptographic primitives and schemes, but is the slowest of all investigated libraries." It should also be represented in the section.
- Questions to ask to find NPOV issues:
- What were the ciphers it out perform in? Where they particular ciphers wildly used and of particular significance?
- Questions to ask to find NPOV issues:
- Did Crypto++ under perform in any particular cipher? If the + are spoken of, the - need to be spoken of as well.
- Does the author of the research plainly state that Crypto++ outperformed the other libraries in a way that is significant?
- Did Crypto++ outperform at all levels of the test or only a subset of the test? (did it do one of the steps better than the others but underperformed at overall goal)
- I don't want to come off as someone who is just finding problems or overly critical over something that seems trivial. The issue is that these are real problems that can be easily remedied by just rewriting the claim in a different way. The issue can't stay because it will be challenged by someone, and if you think the consideration for deletion problem was a pain in the butt, you don't want to see NOR/NPOV problems. Those things can spiral into a huge pain.
- You are doing a great job and the article is great. It just needs to address a few issues with how claims are worded. :) -- ℐℴℯℓ ℳ. ℂℌAT ✐ 19:39, 12 August 2010 (UTC)
- Off Topic - I tried to clean up the introduction for Camellia (cipher). Would you mind looking it over. I did add two statements (backed with two citations).
- > I don't want to come off as someone who is just finding problems or overly critical
- Not at all (the problems are with me and my inabilities).
- > If the + are spoken of, the - need to be spoken of as well.
- Agreeed. I added the good, so its only fitting that I add the bad (especially for NPOV).
- * Added findings from "Comparative Analysis of Software Libraries for Public Key Cryptography"
- * Reworked statement summary cited with "Speedtest and Comparison of Open-Source Cryptography Libraries and Compiler Flags"
- * Ready for criticism.
- Jeff Noloader (talk) 22:14, 12 August 2010 (UTC)
- * Would it be possible to note that the Abusharekh and Kaj paper did its analysis on version 5.1 of the library, which was released in 2003 (i.e., more than 7 years ago)? The paper itself is dated 2007, and I have no idea why they chose such an old version of Crypto++. --Weidai (talk) 04:26, 13 August 2010 (UTC)
- Yes, dates and versions of the libraries should be mention for each study. Thank you for pointing that out. -- ℐℴℯℓ ℳ. ℂℌAT ✐ 04:30, 13 August 2010 (UTC)
- Not ignoring the request.... Someone else should probably make the change to keep me/the article out of conflict.
- Jeff Noloader (talk) 06:24, 13 August 2010 (UTC)
- Timo pointed out versioning at http://idlebox.net/2008/0714-cryptography-speedtest-comparison/distro-detailed.htt.
- Jeff Noloader (talk) 08:14, 13 August 2010 (UTC)
Open source Vs. Closed source - NPOV
editDon't get me wrong, I'm a huge open source fan and I find Richard M. Stallman's lecture on software pats interesting (even if he does scare me at times). But does anyone else find the following line a bit loaded?
"Unlike OpenSSL, which endured post-validation hardships from closed-sourced, for-profit adversaries [...]."
Not even a little sniff of biasizal? hehe -- ℐℴℯℓ ℳ. ℂℌAT ✐ 22:21, 12 August 2010 (UTC)
- I find I need a pulpit at times. :)
- Jeff Noloader (talk) 23:09, 12 August 2010 (UTC)
- By the way, what do you suggest? 'Adversaries' is a bit strong. I would not want to draw the ire of a company whose legal department could tie me up for decades.
- "Unlike OpenSSL, which endured post-validation hardships from closed-sourced, for-profit factions [...]"
- Jeff Noloader (talk) 23:12, 12 August 2010 (UTC)
I toned down the wording.... I'm still not sure if the reference to OpenSSL is really relevant though. Ryan Norton 00:57, 13 August 2010 (UTC)
- You are right, the reference to OpenSSL doesn't need to be made at all. Just say that Crypto++ has whatever cirs from whatever org. and cite that. -- ℐℴℯℓ ℳ. ℂℌAT ✐ 01:44, 13 August 2010 (UTC)
- There goes my pulpit :(
- Jeff Noloader (talk) 03:17, 13 August 2010 (UTC)
- Not sure what one claim has to do with the other now that you mention it... haha -- ℐℴℯℓ ℳ. ℂℌAT ✐ 03:28, 13 August 2010 (UTC)
Crypto++ Versions With FIPS Validation (Dates)
editDoes anyone object to adding a date column to the table Crypto++ Versions With FIPS Validation? If so I can (or feel free to) gut it.
Jeff Noloader (talk) 23:10, 12 August 2010 (UTC)
- Do you have a source for the dates that isn't www.cryptopp.org? ;) lol -- ℐℴℯℓ ℳ. ℂℌAT ✐ 02:02, 13 August 2010 (UTC)
- I actually resisted the urge and pulled the dates from NIST's site (which is probably just as bad).
- Jeff Noloader (talk) 03:16, 13 August 2010 (UTC)
- nist.gov is a lot stronger source than Crypto++ any day of the week when it comes to certification details, unless Dai works for the immigration department, in that case, anything Dai says goes. ¿Sabes lo que estoy diciendo? -- ℐℴℯℓ ℳ. ℂℌAT ✐ 04:51, 13 August 2010 (UTC)
Wikipedia article traffic statistics
editWikipedia article traffic statistics (can be found at the top of 'View History', 'Page View Statistics')
"Crypto++ has been viewed 1400 times in 201008."
201008 is an odd way to refer to time. Might this be considered a bug in the software?
You can remove this notice at any time by removing the {{Talkback}} or {{Tb}} template.
Jeff Noloader (talk) 23:21, 12 August 2010 (UTC)
- No bug, it just became very unreadable when 2010 rolled in. It's supposed to be [year][month]. So December 2009 becomes: 200912, Jan 2005 becomes: 200501, and August of 2010 becomes: 201008. -- ℐℴℯℓ ℳ. ℂℌAT ✐ 01:59, 13 August 2010 (UTC)
Agorithms (Table Heading)
editI tired changing the table heading to something generic yet descriptive heading (algorithm is more closely related to implementations). Anyway I look at it, its awkward..... Ryan/Zoohouse: Any suggestions? —Preceding unsigned comment added by Noloader (talk • contribs) 23:54, 12 August 2010 (UTC)
- F**k the Sinebot. Realizing I forgot the signature, I added a signature, and added a detailed explaination for the changes, which were lost in conflict because Wikipedia wants to f**k with people who are signed in rather than simply adding their signature.
- LMAO! You should have Sinebot read this. -- ℐℴℯℓ ℳ. ℂℌAT ✐ 00:07, 13 August 2010 (UTC)
- Have you thought about making 4 columns?
Primitive | Operation | Algorithms | Implementations |
---|---|---|---|
BLA BLA | - | - | BLA BLA |
- | BLA BLA | BLA BLA | - |
BLA BLA | BLA BLA | BLA BLA | BLA BLA |
BLA BLA | - | - | BLA BLA |
-- ℐℴℯℓ ℳ. ℂℌAT ✐ 00:06, 13 August 2010 (UTC)
- Its not so much a question of two colums versus four, its more like trying to find the perfect word for the column headers. Roughly speaking, Primitive and Operation describe the same thing. Also, Algorithm and Implementation can be taken to mean the same thing in this context.
- Why not just call it Operation and Algorithms then? -- ℐℴℯℓ ℳ. ℂℌAT ✐ 01:45, 13 August 2010 (UTC)
- Indeed - the article you showed me earlier ("Comparative Analysis of Software Libraries for Public Key Cryptography") calls the 'crypto things' (the left column) "primitives and schemes".
- JeffNoloader (talk) 03:32, 13 August 2010 (UTC)
- > Why not just call it Operation and Algorithms then?
- I'm not opposed to it. Crypto is like the network world: everybody has a different name for the same thing. But in the Crypto world, its worst at times: there are minor - but important - distinctions among very similar terms. For example (to demonstrate the obtuseness): non-predictable IV versus random-IV versus secure IV (courtesy of SSL/TLS). To the layman/beginner/uninitiated, they are just IVs.
- In the same vein, a collection of 'crypto things' might be called a primitive, or might be called an operation. For example, encrypting with a block cipher is a transformation or operation, while an authenticated encryption (encryption using a particular mode - CCM, GCM, EAX, etc) is a primitive.
- Its the wild, wild west.....
- Jeff Noloader (talk) 03:13, 13 August 2010 (UTC)
- Ok so if I were to take a intro to crypto course at school, which term would I'll be more likely to run into? -- ℐℴℯℓ ℳ. ℂℌAT ✐ 03:31, 13 August 2010 (UTC)
Table Headings (Capital versus Sentence Case)
editWhat are the rules for capitalization? When I learned it (circa 25 years ago), titles and the like were in capital letters. Now, because everyone wants to tweet, bity, and 'send it from a cell phone', the norm appears to be sentence case.
We have two different styles among three tables.
Jeff Noloader (talk) 00:05, 13 August 2010 (UTC)
- The Manual of Style has the official suggestions but pick one you like more and convert them to it I guess..
- I did not specifically find an entry for table captions (Wikipedia:Manual of Style). I think the next best thing would be the style of titles, which is sentence case (Wikipedia:Manual of Style#titles.5BR.5D).
- That will work, the important thing is that the article is uniformed. As long as all the tables follow the same rules, you're good. -- ℐℴℯℓ ℳ. ℂℌAT ✐ 01:50, 13 August 2010 (UTC)
- Its actually specified as sentence case on a different page (Wikipedia:Manual_of_Style_(tables)#Captions_and_headings)
- Jeff Noloader (talk) 04:49, 13 August 2010 (UTC)
Talk page Archive
editWe need to seriously start looking into having these conversations archived, the talk pages are getting too long. -- ℐℴℯℓ ℳ. ℂℌAT ✐ 00:10, 13 August 2010 (UTC)
- No problem. You can probably get Sinebot to wipe the entire plate with a well placed conflict.
- Jeff Noloader (talk) 00:12, 13 August 2010 (UTC)
I've just archived some. Feel free to drag any more that need it over there - we can set up mizabot if it starts catching on over time.... Ryan Norton 00:16, 13 August 2010 (UTC)
Back to other duties
editHi Ryan/Zoohouse,
I've got to get back to other duties, so I'm not going to have the same amount of time available.
It was great working with you guys on this. I learned a lot. Thanks for the help (and the hand-holding when required).
External links modified
editHello fellow Wikipedians,
I have just modified 4 external links on Crypto++. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
- Added archive https://web.archive.org/web/20110721010610/http://www2.lifl.fr/SERAC/downloads/attacks-olsr-dkm.pdf to http://www2.lifl.fr/SERAC/downloads/attacks-olsr-dkm.pdf
- Added archive https://web.archive.org/web/20110721010610/http://www2.lifl.fr/SERAC/downloads/attacks-olsr-dkm.pdf to http://www2.lifl.fr/SERAC/downloads/attacks-olsr-dkm.pdf
- Added archive https://web.archive.org/web/20110721134907/http://softlab-pro-web.technion.ac.il/projects/cryptoppopt/html/projectBook.html to http://softlab-pro-web.technion.ac.il/projects/cryptoppopt/html/projectBook.html
- Added archive https://web.archive.org/web/20110721134907/http://softlab-pro-web.technion.ac.il/projects/cryptoppopt/html/projectBook.html to http://softlab-pro-web.technion.ac.il/projects/cryptoppopt/html/projectBook.html
- Added
{{dead link}}
tag to http://volgenau.gmu.edu/~kgaj/publications/conferences/GMU_SPEED_2007.pdf
When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.
This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}}
(last update: 5 June 2024).
- If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
- If you found an error with any archives or the URLs themselves, you can fix them with this tool.
Cheers.—InternetArchiveBot (Report bug) 02:24, 15 August 2017 (UTC)