[botan-devel] Why is max_keylength_of() deprecated and how to avoid using?

Jack Lloyd lloyd at randombit.net
Fri Jun 24 13:08:30 EDT 2011


On Fri, Jun 24, 2011 at 09:04:34AM -0700, William K. Foster wrote:
> 
> Other than replicating this code, I see no way to avoid this deprecated
> interface, I do not understand why it should go away.
> 
> I have a name of algorithm and need its maximum keylength.

The issue is that the result this function is giving you isn't
necessarily correct. Currently it happens to be correct most of the
time, but there are several corner cases I know of where it will not
produce the correct result, and can envision that this will become
more rather than less common over time.

As an example, the basic implementation of CAST-128 supports keys
between 11 and 16 bytes long, and Blowfish 1 to 56 bytes long. But
OpenSSL's supports 1 to 16 bytes for CAST-128, and 1 to 72 for
Blowfish, and both of these are wrapped in the OpenSSL engine.
CryptoAPI's RC2 only supports 128 bit keys, where OpenSSL's and the
core libraries support a range. Etc, etc.

The reason all this is a problem is because you are not really asking
a question about the algorithm, but the specific implementation you
are going to try to use. This may be a subset, or in some cases a
superset, of what the 'official' algorithm definition says is
supported. So the real solution is to first get a specific
implementation, then ask it, then use it for whatever you were going
to use it for.

-J
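
The point of the reply above, as an added sketch that is not part of the original message and not Botan code: the same algorithm name yields different key-length limits depending on which provider backs it, so the check has to be made against the implementation actually obtained. All type and function names are hypothetical; the byte ranges are the ones quoted in the message.

```cpp
// Added illustration. All names are hypothetical; this is not Botan's API.
#include <cstddef>
#include <map>
#include <stdexcept>
#include <string>

struct KeySpec {
    std::size_t min_len, max_len;  // bytes, inclusive
    bool valid(std::size_t n) const { return n >= min_len && n <= max_len; }
};

// Ranges quoted in the message, per provider. RC2 ranges for the core
// library and OpenSSL are not stated there, so they are left out.
static const std::map<std::string, KeySpec> kImpls = {
    {"core/CAST-128", {11, 16}},   {"core/Blowfish", {1, 56}},
    {"openssl/CAST-128", {1, 16}}, {"openssl/Blowfish", {1, 72}},
    {"cryptoapi/RC2", {16, 16}},   // "only supports 128 bit keys"
};

// One concrete implementation; it enforces its own provider's range.
class CipherImpl {
public:
    CipherImpl(const std::string& provider, const std::string& algo)
        : spec_(kImpls.at(provider + "/" + algo)) {}  // throws if absent
    const KeySpec& key_spec() const { return spec_; }
    void set_key(const std::string& key) {
        if (!spec_.valid(key.size()))
            throw std::invalid_argument("key length rejected by this implementation");
        key_ = key;
    }
private:
    KeySpec spec_;
    std::string key_;
};

// Name-only query in the style of the deprecated call: it has to answer
// from one fixed definition (here the core one), whatever runs later.
std::size_t max_keylength_by_name(const std::string& algo) {
    return kImpls.at("core/" + algo).max_len;
}

// Recommended order: get the implementation, ask it, then use it.
bool try_key(const std::string& provider, const std::string& algo, std::size_t len) {
    CipherImpl impl(provider, algo);
    if (!impl.key_spec().valid(len)) return false;
    impl.set_key(std::string(len, 'k'));  // constructed placeholder key
    return true;
}
```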


