[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Cryptography] [RFC] random: add new pseudorandom number generator

On 10/2/2021 5:08 PM, Jon Callas wrote:
On Sep 16, 2021, at 20:18, Sandy Harris <sandyinchina AT gmail.com> wrote:
I have a PRNG that I want to use within the Linux random(4) driver. It
looks remarkably strong to me, but analysis from others is needed.

A good block cipher in counter mode makes a pretty-okay PRNG. I say pretty-okay only because I would like my PRNG not to be invertible. Iterated hash functions are better. However, they are slower, and a property you want in a PRNG is that it's fast. I did a system PRNG that was intentionally faster than arc4random() and close to linear-congruential because then there's no excuse for not using it. A mildly evil person would replace both of those with a fast real PRNG. (Mildly evil because if some user knew the internals and was counting on it acting the way the internals specified, they might be disappointed.)

How much entropy do you get out of it, and how much key material went into it?
The cryptography mailing list
cryptography AT metzdowd.com