[Cryptech Tech] Avalanche noise test boards
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Sat Aug 23 14:04:50 UTC 2014
Benedikt Stockebrand <bs at stepladder-it.com> writes:
>what I'm somewhat disappointed about is that they still use Yarrow; it's been
>ten years ago or so that Schneier et al. proposed Fortuna as its successor,
>due to some rather nasty limitations of Yarrow.
Both Yarrow and Fortuna assume an extremely unlikely threat model (they
require an attacker to cooperate with the defender and behave in a specific
manner that allows the defender to repel them), which I can't see any rational
attacker doing. So all you really need is a PRNG of some sort, and whether
that's Yarrow, Fortuna, or HKDF doesn't really matter (I like HKDF since it's
well-analysed and has established security bounds, but that's just a personal
preference). In any case, though, Yarrow vs. Fortuna doesn't make much, if any,
difference.
Peter.