[Cryptech Tech] Avalanche noise test boards
Bernd Paysan
bernd at net2o.de
Sat Aug 23 11:56:14 UTC 2014
On Saturday, 23 August 2014 at 11:37:33, Benedikt Stockebrand wrote:
> Hi Peter and list,
>
> Peter Gutmann <pgut001 at cs.auckland.ac.nz> writes:
> > [FreeBSD /dev/{,u}random]
> >
> > Still, preprocessing with Yarrow gets my grunt of approval :=).
>
> what I'm somewhat disappointed about is that they still use Yarrow; it's
> been ten years ago or so that Schneier et al. proposed Fortuna as its
> successor, due to some rather nasty limitations of Yarrow.
Well, the world has moved on in the last 10 years. Which is why I would use
Keccak as PRNG today:
http://sponge.noekeon.org/SpongePRNG.pdf
The point here is that if you have verified that your cryptographic primitive
works well as hash, you have done all the hard work, because hashes are really
difficult (you know input and output, there's no secret, and yet, you should
not be able to break them).
You can seed that whenever you want, with as much data as you want (just feed
in all the output of the noise sources), and fetch as much data as you want
without generating cycles (the cycle probability of Keccak in squeeze mode is
1/2^750).
--
Bernd Paysan
"If you want it done right, you have to do it yourself"
http://bernd-paysan.de/
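A runnable version of the construction Bernd sketches, added here as an illustration; it is not code from the post, from the Cryptech project or from the SpongePRNG paper. The permutation is the standard Keccak-f[1600]; to make the "verified hash gives you the PRNG for free" point concrete, the same permutation is first driven as SHA3-256/SHAKE256 and checked against hashlib, then reused as a feed/fetch PRNG that accepts seed material of any length at any time and squeezes any amount of output. The class name SpongePRNG, the 136-byte rate (512-bit capacity) and the forget() step that zeroes the outer part of the state for forward secrecy are this example's own choices, not the paper's exact algorithm.

```python
"""Keccak-f[1600] driven as a hash (to verify it) and as a sponge PRNG.

Added example, not the list author's or the Cryptech project's code.  The
PRNG layer (block padding in feed(), the forget() step) is this example's own
construction, assumed here for illustration.
"""
import hashlib

MASK = (1 << 64) - 1
RC = [0x0000000000000001, 0x0000000000008082, 0x800000000000808A, 0x8000000080008000,
      0x000000000000808B, 0x0000000080000001, 0x8000000080008081, 0x8000000000008009,
      0x000000000000008A, 0x0000000000000088, 0x0000000080008009, 0x000000008000000A,
      0x000000008000808B, 0x800000000000008B, 0x8000000000008089, 0x8000000000008003,
      0x8000000000008002, 0x8000000000000080, 0x000000000000800A, 0x800000008000000A,
      0x8000000080008081, 0x8000000000008080, 0x0000000080000001, 0x8000000080008008]
# Rotation offsets ROT[x][y] for the rho step.
ROT = [[0, 36, 3, 41, 18], [1, 44, 10, 45, 2], [62, 6, 43, 15, 61],
       [28, 55, 25, 21, 56], [27, 20, 39, 8, 14]]


def _rol(v: int, n: int) -> int:
    return ((v << n) | (v >> (64 - n))) & MASK if n else v


def keccak_f1600(state: bytearray) -> None:
    """Apply the 24-round Keccak-f[1600] permutation in place (200-byte state)."""
    A = [int.from_bytes(state[8 * i:8 * i + 8], "little") for i in range(25)]  # lane x+5y
    for rnd in range(24):
        C = [A[x] ^ A[x + 5] ^ A[x + 10] ^ A[x + 15] ^ A[x + 20] for x in range(5)]
        D = [C[(x - 1) % 5] ^ _rol(C[(x + 1) % 5], 1) for x in range(5)]
        A = [A[i] ^ D[i % 5] for i in range(25)]                       # theta
        B = [0] * 25
        for x in range(5):
            for y in range(5):
                B[y + 5 * ((2 * x + 3 * y) % 5)] = _rol(A[x + 5 * y], ROT[x][y])  # rho, pi
        A = [B[i] ^ (~B[(i + 1) % 5 + 5 * (i // 5)] & B[(i + 2) % 5 + 5 * (i // 5)])
             for i in range(25)]                                       # chi
        A[0] ^= RC[rnd]                                                # iota
    for i in range(25):
        state[8 * i:8 * i + 8] = A[i].to_bytes(8, "little")


def sponge_hash(data: bytes, rate: int, suffix: int, out_len: int) -> bytes:
    """Plain sponge: absorb with domain suffix + pad10*1, then squeeze.

    rate=136, suffix=0x06, out_len=32 is SHA3-256; rate=136, suffix=0x1F is
    SHAKE256.  Used here to check the permutation against hashlib."""
    st = bytearray(200)
    msg = bytearray(data) + bytes([suffix])
    msg += bytes(-len(msg) % rate)
    msg[-1] |= 0x80
    for off in range(0, len(msg), rate):
        for i in range(rate):
            st[i] ^= msg[off + i]
        keccak_f1600(st)
    out = bytearray()
    while len(out) < out_len:
        out += st[:rate]
        keccak_f1600(st)
    return bytes(out[:out_len])


class SpongePRNG:
    """Feed/fetch PRNG on the same permutation; calls may be interleaved freely."""

    def __init__(self, rate: int = 136):
        self.rate = rate            # 136-byte rate leaves a 512-bit capacity (assumed parameter)
        self.st = bytearray(200)
        self.pos = rate             # == rate means no output block is available yet

    def feed(self, data: bytes) -> None:
        """Absorb any amount of seed material, one padded block per permutation."""
        r = self.rate
        chunks = [data[i:i + r - 1] for i in range(0, len(data), r - 1)] or [b""]
        for chunk in chunks:
            block = bytearray(chunk) + b"\x01" + bytes(r - len(chunk) - 1)
            block[-1] |= 0x80       # pad10*1 keeps short and full blocks unambiguous
            for i in range(r):
                self.st[i] ^= block[i]
            keccak_f1600(self.st)
        self.pos = 0                # outer part now holds a fresh output block

    def fetch(self, n: int) -> bytes:
        """Squeeze n bytes; a new permutation is run only when a block is used up."""
        out = bytearray()
        while len(out) < n:
            if self.pos == self.rate:
                keccak_f1600(self.st)
                self.pos = 0
            take = min(n - len(out), self.rate - self.pos)
            out += self.st[self.pos:self.pos + take]
            self.pos += take
        return bytes(out)

    def forget(self) -> None:
        """Overwrite the outer part and permute, so a later state compromise
        cannot be run backwards to recover output already handed out
        (this example's own forward-secrecy step)."""
        self.st[:self.rate] = bytes(self.rate)
        keccak_f1600(self.st)
        self.pos = 0
```

The sponge_hash() check is the practitioner's sanity test for the permutation: once it reproduces hashlib's SHA3-256 and SHAKE256 output, including multi-block absorb and squeeze, the PRNG built on the same keccak_f1600() inherits that confidence. Call forget() after handing out a batch of output if the device can be dumped later.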