[Cryptech Tech] Some thoughts and questions on the RNG strategy
Fredrik Thulin
fredrik at thulin.net
Fri Feb 7 10:36:04 UTC 2014
On Friday 07 February 2014 10.38.24 Joachim Strömbergson wrote:
...
> But again - we as a team must decide on what we will use as CSPRNG.
> DRBG-CTR based on AES-256 is a good choice.
I don't know whether to trust ChaCha or DRBG-CTR most.
I don't know whether noisy diodes or SRAM based entropy sources would be best.
Can I have more than one, please?
To me, ideally, the cryptech HSM shouldn't be too set on any one entropy
source or processing algorithm, although I realise that there might be both
knowledge- and technical reasons to limit end users choices here.
Joachim, you've previously slapped me silly when trying to draw ASCII diagrams
of randomness processing =), but can't we have something functionally like
this :
good source 1 ---> ChaCha ------+
+----> randomness
good source 2 ---> DRBG-CTR ----+
I'm not going near the debate about what is a good source. I hope those could
be modular rather than set in stone.
/Fredrik
More information about the Tech
mailing list