[Cryptech Tech] Avalanche noise test boards

Peter Gutmann pgut001 at cs.auckland.ac.nz
Sat Aug 23 14:04:50 UTC 2014


Benedikt Stockebrand <bs at stepladder-it.com> writes:

>what I'm somewhat disappointed about is that they still use Yarrow; it's been
>ten years ago or so that Schneier et al. proposed Fortuna as its successor,
>due to some rather nasty limitations of Yarrow.

Both Yarrow and Fortuna assume an extremely unlikely threat model (they
require an attacker to cooperate with the defender and behave in a specific
manner that allows the defender to repel them), which I can't see any rational
attacker doing.  So all you really need is a PRNG of some sort, and whether
that's Yarrow, Fortuna, or HKDF doesn't really matter (I like HKDF since it's
well-analysed and has established security bounds, but that's just a personal
preference).  In any case though Yarrow vs. Fortuna doesn't make much, if any,
difference.

Peter.
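To make the "HKDF as a PRNG" option concrete, here is an added example (not code from this thread or from any of the posters' projects): RFC 5869 HKDF written directly over hashlib/hmac, then used as a seeded, reseedable generator with a forward ratchet. The class, its label string and the reseed policy are this example's own assumptions, not a description of how any shipped implementation does it.

```python
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 extract: PRK = HMAC-Hash(salt, IKM); empty salt means HashLen zeros."""
    if not salt:
        salt = b"\x00" * HASH_LEN
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 expand: OKM = T(1) | T(2) | ..., T(i) = HMAC(PRK, T(i-1) | info | i)."""
    if length > 255 * HASH_LEN:
        raise ValueError("HKDF-Expand output is capped at 255 * HashLen bytes")
    okm, block = b"", b""
    for counter in range(1, (length + HASH_LEN - 1) // HASH_LEN + 1):
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
    return okm[:length]


class HkdfPrng:
    """Seeded generator built from HKDF alone (constructed for this example):
    extract mixes entropy into the key, expand produces output, and each read
    ratchets the key so a later state compromise does not expose past output."""

    def __init__(self, seed: bytes, label: bytes = b"example-hkdf-prng"):
        self.label = label
        self.key = hkdf_extract(label, seed)

    def reseed(self, entropy: bytes) -> None:
        # Fold fresh entropy (e.g. conditioned noise-source samples) into the
        # existing key rather than replacing it, so a poor or attacker-influenced
        # reseed input cannot erase the unpredictability already in the state.
        self.key = hkdf_extract(self.key, entropy)

    def read(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            # One expand call yields an output chunk plus the next key.
            want = min(n - len(out), 254 * HASH_LEN)
            block = hkdf_expand(self.key, self.label + b"|output", want + HASH_LEN)
            self.key, out = block[want:], out + block[:want]
        return out
```

The extract/expand pair can be checked against the RFC 5869 test vectors; the generator layered on top is the part that carries the design choices.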
