[Cryptech Tech] DRBG for the RNG?
Joachim Strömbergson
joachim at secworks.se
Mon Feb 24 17:49:59 UTC 2014
Aloha!
Dol@, what is your view on a suitable DRBG for the RNG? AES-256 in CTR mode only, or something else? What would you use?
We have previously talked about ChaCha as a possible DRBG. One thing Adam Langley etc. are advocating is to use a 96-bit nonce and a 32-bit counter instead of 64/64. The change in split adds uniqueness to the cipher setup, but forces a faster reseed, since only 2**32 output blocks can be generated. I don't see reseeding as a big problem though.
MVH
JoachimS