[Cryptech Tech] DRBG for the RNG?
Basil Dolmatov
dol at reedcat.net
Tue Feb 25 04:30:05 UTC 2014
On 24 Feb 2014, at 21:49, Joachim Strömbergson <joachim at secworks.se> wrote:
> Aloha!
>
> Dol@, what is your view on suitable DRBG for the RNG. AES-256 in CTR mode only or something else? What would you use.
I would use a true random source (noise) and feed the recurrent polynomial with it ;)
>
> We have previously talked about ChaCha as a possible DRBG. One thing Adam Langley etc are advocating is to use 96 bit nonce and 32 bit counter instead of 64/64. The change in split adds uniqueness to the cipher setup, but forces faster reseed since only 2**32 output blocks can be generated. I don't see reseeding as a big problem though.
Technology which takes a not truly random source and uses block ciphers for "equalizing" the entropy opens a great field for investigation of its (block cipher) properties and possible usage of possible linearities.
I will not even try to guess what the result of this thorough investigation would be for given ciphers, but I know several cases when this investigation was successful. ;)
dol@
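As an added example (not code from the thread or from Cryptech), a minimal Python model of the ChaCha DRBG layout Joachim describes: a 96-bit nonce and 32-bit block counter as in RFC 7539, with a forced reseed from the entropy source before the counter exhausts its 2**32 blocks. The block function is checked against the RFC 7539 test vector; `max_blocks` is a hypothetical knob added only so the reseed path can be exercised without generating 2**32 blocks.

```python
import os
import struct

M = 0xFFFFFFFF  # 32-bit word mask

def _rotl(v, c):
    return ((v << c) & M) | (v >> (32 - c))

def _qr(s, a, b, c, d):
    # ChaCha quarter round on four words of the working state
    s[a] = (s[a] + s[b]) & M; s[d] = _rotl(s[d] ^ s[a], 16)
    s[c] = (s[c] + s[d]) & M; s[b] = _rotl(s[b] ^ s[c], 12)
    s[a] = (s[a] + s[b]) & M; s[d] = _rotl(s[d] ^ s[a], 8)
    s[c] = (s[c] + s[d]) & M; s[b] = _rotl(s[b] ^ s[c], 7)

def chacha20_block(key, counter, nonce):
    """One 64-byte ChaCha20 block: 256-bit key, 32-bit counter, 96-bit nonce (RFC 7539)."""
    state = [0x61707865, 0x3320646E, 0x79622D32, 0x6B206574]
    state += struct.unpack("<8L", key) + (counter & M,) + struct.unpack("<3L", nonce)
    w = state[:]
    for _ in range(10):  # 20 rounds = 10 double rounds (column + diagonal)
        _qr(w, 0, 4, 8, 12); _qr(w, 1, 5, 9, 13); _qr(w, 2, 6, 10, 14); _qr(w, 3, 7, 11, 15)
        _qr(w, 0, 5, 10, 15); _qr(w, 1, 6, 11, 12); _qr(w, 2, 7, 8, 13); _qr(w, 3, 4, 9, 14)
    return struct.pack("<16L", *[(x + y) & M for x, y in zip(w, state)])

class ChaChaDRBG:
    """Keystream DRBG that reseeds before the 32-bit block counter wraps."""

    def __init__(self, seed_source=os.urandom, max_blocks=2**32):
        # max_blocks is a hypothetical test knob; a real deployment keeps the
        # 2**32 limit imposed by the 32-bit counter of the 96/32 split.
        self._seed_source = seed_source
        self._max_blocks = max_blocks
        self.reseed_count = 0
        self._reseed()

    def _reseed(self):
        # Fresh 256-bit key and 96-bit nonce from the entropy source; counter restarts at 0.
        self.key = self._seed_source(32)
        self.nonce = self._seed_source(12)
        self.counter = 0
        self.reseed_count += 1

    def generate(self, n):
        out = bytearray()
        while len(out) < n:
            if self.counter >= self._max_blocks:  # counter about to wrap: reseed first
                self._reseed()
            out += chacha20_block(self.key, self.counter, self.nonce)
            self.counter += 1
        return bytes(out[:n])
```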