[Cryptech Tech] Some thoughts and questions on the RNG strategy
Joachim Strömbergson
joachim at secworks.se
Fri Feb 7 12:18:23 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Aloha!
Randy Bush wrote:
>> good source 1 ---> ChaCha ------+ +----> randomness good source 2
>> ---> DRBG-CTR ----+
>
> to repeat smb's question, has there been a good output analysis of
> these two?
Yes. I can dig up tests of DRBG-CTR, but there are quite a few of those.
It basically comes down to analysis of the CTR-mode.
For ChaCha, see one of the previous mails this morning. That I wrote
then was:
The reason for suggesting ChaCha is that it is based in Salsa20, which
has been analyzed quite a lot through the eSTREAM project (where it was
selected as one of the ciphers in the portfolio). And also because it
has been designed to have little side channel leakage and is very fast
even in slow and cheap FPGA chips.
IACR ePrint Archive lists only two papers with analysis on ChaCha:
http://eprint.iacr.org/2012/065
http://eprint.iacr.org/2007/472
And then of course DJB provides some analysis himself:
http://cr.yp.to/chacha.html
My take on the state of ChaCha is that it is fairly well analyzed and
has provenance from Salsa20, HAIFA and the ARX constructions that makes
it pretty trustworthy. That is why we are proposing it as a replacement
for RC4 in TLS:
https://datatracker.ietf.org/doc/draft-mavrogiannopoulos-chacha-tls/
But again - we as a team must decide on what we will use as CSPRNG.
DRBG-CTR based on AES-256 is a good choice.
- --
Med vänlig hälsning, Yours
Joachim Strömbergson - Alltid i harmonisk svängning.
========================================================================
Joachim Strömbergson Secworks AB joachim at secworks.se
========================================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQIcBAEBCAAGBQJS9M8PAAoJEF3cfFQkIuyNdOgP/3hHLngb1T55GJ6nPa/b5Csj
CWP+F6fiWt/ruaqgUkG3bNKRhdfw4wAdlN5BekJJGDBPiF3/7KrpZ/azR2571lmm
Qq5mVr/ktVIzFl21FIyl+0gMP3shlb5mNv4ci0THMMMXpa/1TOHQq/uruAAeeOGn
hfV/oEg6JLmnQ7CP8NaJNaDB/doq01uoQBnEZvf5WYosUZ34h9kHswfjsFXRBm3Q
IGAIGh+hmKVldOQbIdEMHKFXlwBohYzZAEfGAWQx5dru48x1Rs43M9+Yq047hA8w
YBtuTTzrtxezCWPqobFjNsUsF74gS6tcAcCwmLzSXWRoL1eIg74bRIuso73tVbHi
pRbnjNEvoyEHvNWM5wZrCkdT/qSa9L2aRePWb/SObkimRir5Oh3sbv342mxydB1N
JpDCIMvFgZSkmbpU3ug1TWVPuWUNU619Rfp3bZAvb+30RDb/nE+j+pRPsnxzMhrz
1snwUjmXmuK6na3tq6Nb5nWHM1ino8XGqRg9rh1tQcWfkltYjHcai1OhOQEh+2ln
+zZF3pdrP9r0TR4nqF/CXYRq3MKed2AgozeZLfH6/hy2GwqwbqZDWVj60fp7Bxmf
pUnyQMo9zJSu9DX9vSXHR1tfFeAD9X0KbW2m5emW6qmv+ZvOI5SHGJWYdLAYdkX+
QMwlCkS7vtqdIQfePxlz
=2IBX
-----END PGP SIGNATURE-----
More information about the Tech
mailing list