[Cryptech Tech] Some thoughts and questions on the RNG strategy

Randy Bush randy at psg.com
Thu Feb 6 10:43:31 UTC 2014


> http://iang.org/ssl/hard_truths_hard_random_numbers.html

thanks, good summary and darned readable

> http://blog.cr.yp.to/20140205-entropy.html

if you have a batter who can bat 1000, well 256, you don't need the rest
of the lineup.  but where do you get that batter?  djb's back pocket?

> The ChaCha cipher for example would provide up to 2**64 512 bit random
> words before reseeding, which would make requirements on the collection
> very low.

beyond my domain.  but iang & ada used chacha.  different applications
would seem to need different diameter firehoses.  she chose a large
amplifier.  how big a collector input signal do you contemplate and what
is the max hose drain?  that'll say a bit about amplification.

> The ChaCha cipher is very good in HW and is designed to be
> side-channel resistant.

nom nom.

> The question I have for you, is do we want to stay close to standards
> such as SP 800-90 or shall we follow our own path? Do we gain or lose
> trust?

nist still has a lot of credibility.  but so does wide review of more
agile/recent designers.

> BTW: I will try and see if I can get DJB and/or other people to look at
> our proposal when we have some more substantial to show.

this is good!  you wanna fly over to london to discuss with some ietf
crypto folk such as sean, russ, bellovin, ...?

does building two models give enough interesting testability, both of
the rngs as well as the downstream cyphers, to be worth the pain and
dangers of two?

randy


