Talk:Crypto++/Archive 1

Latest comment: 14 years ago by Zoohouse in topic Wei Dai
Archive 1

A major contributor to this article...

A major contributor to this article appears to have a close connection with its subject.

Wiki got me on this one - I am a user of the library. Since the library has been around for 15 years or so, it only seemed appropriate that it receive official wiki page so that it can be cited as OpenSSL, TrueCrypt, Botan, etc.

I should also mention I am an avid cryptography user, and not just a Crypto++ user. My last 6 months have been spent working in OpenSSL.

I'd also like to mention that Wiki and its readers have benefited from my contributions in the past, the most recent being Block cipher modes of operation. Put another way, I did not create a wiki account this morning so I could post an article this afternoon.

Jeffrey Walton Noloader (talk) 03:02, 9 August 2010 (UTC)

Did you take part in the Crypto++ team in any way other than as a regular user? I believe that's the accusation made. -- ℐℴℯℓ ℳ. ℂℌAT ✐ 03:33, 10 August 2010 (UTC)
Crypto++ does not have a development team per se (sources are tightly controlled by Wei Dai). I have submitted patches/bug fixes and answered questions on the mailing list.
In the past, I tried to stay very active with the beginners since its easy to get cryto wrong. But I find I have less timne for the endeavor. I'm a big privacy advocate, and do whatever I can to help secure information, especially from governments (in my view, oppressive governments and free government (with gestapo legislation such as the PATRIOT Act) can be/are equally dangerous).
Jeffrey Walton 65.201.171.178 (talk) 19:41, 10 August 2010 (UTC)

Lacking: sources and references...

It needs sources or references that appear in third-party publications...

Agreed. The initial submission had no sources, citations, or references. I did not give Toddst1 much of a choice....

Jeffrey Walton Noloader (talk) 03:34, 9 August 2010 (UTC)

Additional references or sources...

It needs additional references or sources for verification

This is kind of tough, but I'll give it a try. Below is a sample of both Wei Dai and Crypto++. Wei is a well respected cryptographer with an impeccable international reputation (NPOV!!!). Not all of below is appropriate for the wiki page (even though it seems to satisfy the citation requirement).

Jeffrey Walton Noloader (talk) 03:31, 9 August 2010 (UTC)

Notability of the article...

The notability of this article's subject is in question.

This one is definitely tough. From the citations above, I hope that the Wiki staff can appreciate the novelty of the library.

I know its a *very* lame argument, but Crypto++ seems no less notable than other similar libraries, such as OpenSSL, TrueCrypt, and Botan. To play devil's advocate (because this argument is *so* lame), Bouncy Castle does not appear to have a Wiki page (http://www.bouncycastle.org/). (Note that all mentioned libraries are cryptographic libraries).

Jeffrey Walton Noloader (talk) 03:41, 9 August 2010 (UTC)

Non-neutral point of view

NPOV

I need help with this one, as I don't see where I lack/lost objectivity. As I'm only describing a cryptographic library and some of its accolades (and not commenting on the Gestapo legislation known as the PATRIOT Act), its hard to be passionate. Any suggestions would be greatly appreciated.

Jeffrey Walton Noloader (talk) 04:24, 9 August 2010 (UTC)

The beginning of the article has a NPOV issue in the sentence:
'Crypto++' is a free, open source, high performance, C++ class library of cryptographic algorithms and schemes written by Wei Dai.
Who thinks this library is, "high performance," you, Wei Daij, or the general public? Since there is no evidence, sources, that the majority of the people think of this library as being high performance, you shouldn't describe it as such. That's one example of not keeping a NPOV.
This probably seems super trivial, especially when you know it to be true, but it's important to keep the tone of the article as npov as possible. Now, if you find an article in a scientific journal commenting on the performance of this library, by all means, add it! ;-)
Hope that helps. -- ℐℴℯℓ ℳ. ℂℌAT ✐ 03:26, 10 August 2010 (UTC)
Got ya. It will resolved today when I have some time.
Jeffrey Walton 65.201.171.178 (talk) 16:48, 10 August 2010 (UTC)

The Algorithms section can really use a table.

If someone can build a table for the Algorithm section it would be great. I would do it my self if I was any good at it. -- ℐℴℯℓ ℳ. ℂℌAT ✐ 03:09, 10 August 2010 (UTC)

OK. It will be resolved later today when I get some free time.
Jeffrey Walton 65.201.171.178 (talk) 16:48, 10 August 2010 (UTC)
Done
Jeffrey Walton 65.201.171.178 (talk) 20:24, 10 August 2010 (UTC)
I improved the table a tad by adding a caption and table headings. Can someone check to see if I added the table headings on the correct column? Thanks. -- ℐℴℯℓ ℳ. ℂℌAT ✐ 01:14, 11 August 2010 (UTC)

References would be clearer with ...

Its references would be clearer with a different or consistent style

We tried to use the reference style from Wikipedia:Footnotes. Specifically, http://en.wikipedia.org/wiki/File:WP-Footnotes_illustration.jpg was used as a blue print. Admittedly, its been over 20 years since I've had to write a high school or college paper. Is there a more appropriate style that should be used? Or did I simply fail at the ref style?

Jeffrey Walton 65.201.171.178 (talk) 16:54, 10 August 2010 (UTC)

I wouldn't worry about this too much, technically any acedemic style is fine; the preferred way is to use citation templates like: <ref>{{cite web|url=[...]|title=[...]|work=[...]|publisher=[...]|date=[...]|accessdate=[...]}}</ref> - see Template:Cite web for documentation and this edit of mine as an example - as it does the dirty work for you. Also, another note is to be sure to put them at the end of a sentence, but again that's not a big deal at this point.
OK. Thanks. (Putting them at the end does look 'cleaner').
Jeff Noloader (talk) 23:02, 10 August 2010 (UTC)
Migration from <ref>...</ref> to <ref>{{cite web...}}</ref> is complete. I believe that makes the style consistent.
Jeff Noloader (talk) 03:14, 11 August 2010 (UTC)
Well done - great job! Ryan Norton 03:46, 11 August 2010 (UTC)
Opps! I think I just added a ref with <ref>...</ref>. lol I'll fix it in a minute, I have been stareing at a computer screen all day today. -- ℐℴℯℓ ℳ. ℂℌAT ✐ 22:44, 11 August 2010 (UTC)

The Resources section

The Resource section of the article doesn't make too much sense to me. Is this section supposed to discuss the Crypto++ project? There's information in there about mailing lists used by the mantainers of the Crypto++ library and stuff... Not too sure how this section is supposed to relate to the Cryto++ library...

-- ℐℴℯℓ ℳ. ℂℌAT ✐ 00:43, 11 August 2010 (UTC)

Yeah, its link-heavy and almost unreferencable as well. Ryan Norton 00:45, 11 August 2010 (UTC)
Right, not to mention that it isn't very encyclopedic. Is there something significant about the mailing list or wikis that the Crypto++ project uses that a user should know? If not, then it should be taken out. I vote to remove the section. -- ℐℴℯℓ ℳ. ℂℌAT ✐ 00:52, 11 August 2010 (UTC)
Yep - it's a nice self-help section, but it is not encyclopedic currently; removed, here for reference:
Resources

Crypto++ provides a number of resources to users of the library. The earliest resources were the Crypto++ FAQ and mailing list, which are still available today. Mailing list archives can be found at The Mail Archive and Nabble. The mailing list has evolved into a users group located at http://groups.google.com/group/cryptopp-users.

Online library documentation is generated from source code using doxygen and is available at http://www.cryptopp.com/docs/ref/. One of the more useful pages is the class reference located at http://www.cryptopp.com/docs/ref/classes.html.

Finally, Crypto++ also maintains a wiki located at http://www.cryptopp.com/wiki/. The Crypto++ wiki includes topics such as library design, cryptographic best practices, sample code, and sample downloads.

Ryan Norton 00:58, 11 August 2010 (UTC)

I almost pulled the plug on it (and Downloads) two days ago. I had a feeling both were a bit off the mark.
Jeff Noloader (talk) 01:05, 11 August 2010 (UTC)

Citations 1 - 7

Do footnotes 1 - 7 all relate to the opening sentence of the article? Does the opening sentence really need all those sources? What happened there? LOL -- ℐℴℯℓ ℳ. ℂℌAT ✐ 05:39, 11 August 2010 (UTC)

I might have taken a defensive position when the article was in jeopardy. At least I did not add at 70-or-so citations found in scholar.google.com ;)
Jeff Noloader (talk) 07:23, 11 August 2010 (UTC)
Removed two academic citations. I believe that leaves (2) academic citations, (1) student project citation, (2) non-commercial project citations, (2) commercial projects citations, and (1) ctiation with crypto heavy weights Bruce Schneier, David Wagner, John Kelsey, and Chris Hall (I am not familiar with C. Hall, but I did not want to insult him).
My thinking was that a single citation will not satisfy doubters (such as User:Toddst1, no stones thrown), so two each were used from the sampling of academia, open source, commercial, etc.
Jeff Noloader (talk) 17:17, 11 August 2010 (UTC)
Oh. lol
Having a lot of sources, especially independently sources that complement each other is awesome, but having all those sources as seperate footnotes stringed behind a sentence tends to make the article hard to read.
I'll clean it up and try to get all the sources left over into one footnote. -- ℐℴℯℓ ℳ. ℂℌAT ✐ 17:50, 11 August 2010 (UTC)
Ok I consolidated the 4 sources that were left over into one footnote. Looks cleaner but still has the 4 sources if anyone is interested in them. -- ℐℴℯℓ ℳ. ℂℌAT ✐ 17:59, 11 August 2010 (UTC)
Thanks - it looks much nicer.
Jeff Noloader (talk) 18:10, 11 August 2010 (UTC)

See Also (Transport Layer Security)

I'm not sure 'Transport Layer Security' would make the top of my list for 'See Also'. Crypto++ is a bit lower in the proverbial stack than a socket. (Unlike OpenSSL, which is a socket library and makes its cryptographic routines available).

Jeff Noloader (talk) 19:23, 11 August 2010 (UTC)

Not sure what you mean. -- ℐℴℯℓ ℳ. ℂℌAT ✐ 21:51, 11 August 2010 (UTC)

It's... uh... technical. I'd explain, but it's pointless now as I agree and removed it ;p. Ryan Norton 22:48, 11 August 2010 (UTC)

Wei Dai

I believe that Wei has a PhD, but I've never gone searching to verify (I'm principally opposed to the practice since I'm a privacy advocate - kinda like a Vegan eating meat).

Jeff Noloader (talk) 22:59, 11 August 2010 (UTC)

I have to search and see. If I can't find more information about Mr. Dai. If I can't find any more, the section may need to be scraped.
OK. I don't know that much about him outside the time zone he is in, so I probably won't be much help even if it were a requirement for the article. He tends to stay private, and I try to respect it. (I did ask once if he was a PhD, but he never answered.)
Jeff Noloader (talk) 02:21, 12 August 2010 (UTC)
I think the section with my biographical information should probably be deleted. According to Wikipedia:Divulging personal details, "Facts that are not verifiable from a reliable source should probably be left out." It seems to me that an old press release from an Internet start-up does not constitute a reliable source. :) --Weidai (talk) 04:18, 12 August 2010 (UTC)
Well age doesn't make a difference on reliability because if it did, then we wouldn't be able to trust any historical event. As to it being a press release from a start up, Votehere.net is a company that has been around for what, 11 years now... Not to mention that they deal with voting over the internet, which means they have a special invest in cryptography...
Of course, writing a short bio based on one press release wouldn't be appropriate. Like I mentioned before, if more reliable source can't be found, the short bio will be scraped. -- ℐℴℯℓ ℳ. ℂℌAT ✐ 05:04, 12 August 2010 (UTC)

Guild of Copy Editors - Auguest

I went ahead and got the article listed on the Guild of Copy Editors. Someone will be here soon to fix up the grammar/spelling/pros of the article. -- ℐℴℯℓ ℳ. ℂℌAT ✐ 04:59, 11 August 2010 (UTC)

Criticism

The article is off to a great start, a lot of great info on the library.

One thing that is missing and I wish it will be added one day is criticism of the Crypto++. Perhaps oposing views that believe the library isn't what it's all cracked up to be or people who specifically point to Crypto++ as being the source of some kind of problem... Even if the opposing view points don't hold much wight, it's healthy in an article to voice both sides. Some thoughts. -- ℐℴℯℓ ℳ. ℂℌAT ✐ 06:11, 11 August 2010 (UTC)

That's easy - (1) lack of documentation/self documenting source code, and (2) heavy use of templates make it difficult (if not impossible) for a beginner. I still have problems chasing all the templated arguments. Citations might be difficult to find if I can't use people's complaints from the mailing list.
Jeff Noloader (talk) 07:26, 11 August 2010 (UTC)

Yeah, something like this, just not a blog. Ryan Norton 16:19, 11 August 2010 (UTC)

I like how the site compares the code of the two libraries. It would be cool to have a similar thing in the article that shows snippets of the Crypto++ code. Not now though, it would be wise to wait until the article matures more first. -- ℐℴℯℓ ℳ. ℂℌAT ✐ 17:46, 11 August 2010 (UTC)
For the record, the comment bg 'CQ' ("Crypto++ is a complete library with a great documentation!") was not me ;). I think the docs are pretty lame at times.
Jeff Noloader (talk) 18:13, 11 August 2010 (UTC)

Crypto++ is eligible for export - Problem

There is a problem with the line that I placed below. The source that it refers to states, "Source code, on the other hand, is a bit freer. As long as it's not subject to an onerous license and as long as you email the site's address to the Commerce Department, Web posting appears to be permitted." [made bold for emphasis]

The Crypto++ library is eligible for export to other countries from the United States of America only in source code form since it satisfies the respective requirements of the Bureau of Export Administration (BXA) in the US Department of Commerce.[1]

The article doesn't make any claims that Crypto++ satisfies the BXA regulations or that Crypto++ is eligible for export. Also, the article was written in the Clinton era (10 years ago). Is there any new information about this issue since then?

I'm going to go ahead and remove the claim from the article. This fact needs to be rewritten before it can be published on the article. The copy above can be used as a reference for rewriting. -- ℐℴℯℓ ℳ. ℂℌAT ✐ 18:30, 11 August 2010 (UTC)

No argument here.
Jeff Noloader (talk) 18:39, 11 August 2010 (UTC)

More information from Wikipedia about U.S. Export laws regarding cryptography Cryptography#Export_controls. -- ℐℴℯℓ ℳ. ℂℌAT ✐ 18:49, 11 August 2010 (UTC)

Archive 1