These seem like really good mitigations to make a userland RNG safe. But it makes me wonder why they don't just use a kernel RNG. https://aws.amazon.com/blogs/opensource/better-random-number-generation-for-openssl-libc-and-linux-mainline/ …
-
I hope they do HMAC and not CTR. I think using invertible functions for RNGs is a dangerous idea. Too easy to break the rekeying logic and get a beautiful backdoor.
-
HMAC is considerably slower, even with SHA extensions, and Prediction Resistance is supposed to mitigate that, which is how all of the implementations so far have settled on AES_CTR or ChaCha20.
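The HMAC_DRBG the thread is contrasting with AES_CTR / ChaCha20 DRBGs, as an added example that is not code from the thread or from any of the implementations it mentions. It follows the HMAC_DRBG construction from NIST SP 800-90A (Update / Instantiate / Reseed / Generate), and shows what "prediction resistance" means mechanically: a reseed from the entropy source before every Generate call, so that learning the internal state at one point gives no power over later outputs. The use of os.urandom as the default entropy source, automatic reseeding when the reseed interval is exceeded, and the constants are assumptions of this example, not anything the thread specifies.

```python
import hashlib
import hmac
import os

# Assumed limits for this example (SP 800-90A allows a reseed interval of
# up to 2**48 for HMAC_DRBG; a small value is used here for illustration).
RESEED_INTERVAL = 10_000
MAX_REQUEST_BYTES = 1 << 16


class HmacDrbg:
    """HMAC_DRBG as specified in NIST SP 800-90A section 10.1.2.

    The state is (K, V). Every step only applies HMAC_K(V ...), so there is
    no invertible block cipher in the output path: recovering an earlier V
    from a later one is a preimage problem on HMAC, not a key-recovery one.
    """

    def __init__(self, entropy, nonce=b"", personalization=b"",
                 hash_name="sha256", entropy_source=None):
        self._hash = hash_name
        self._outlen = hashlib.new(hash_name).digest_size
        # Instantiate: K = 0x00..00, V = 0x01..01, then one Update.
        self.K = b"\x00" * self._outlen
        self.V = b"\x01" * self._outlen
        self._update(entropy + nonce + personalization)
        self.reseed_counter = 1
        # Assumption: where fresh entropy comes from when reseeding.
        self._entropy_source = entropy_source or os.urandom

    def _hmac(self, key, data):
        return hmac.new(key, data, self._hash).digest()

    def _update(self, provided_data):
        """HMAC_DRBG_Update: mixes provided_data into (K, V)."""
        self.K = self._hmac(self.K, self.V + b"\x00" + provided_data)
        self.V = self._hmac(self.K, self.V)
        if provided_data:
            self.K = self._hmac(self.K, self.V + b"\x01" + provided_data)
            self.V = self._hmac(self.K, self.V)

    def reseed(self, entropy, additional_input=b""):
        """HMAC_DRBG_Reseed: fresh entropy replaces the old state's secrecy."""
        self._update(entropy + additional_input)
        self.reseed_counter = 1

    def generate(self, n, additional_input=b"", prediction_resistance=False):
        """HMAC_DRBG_Generate: returns n pseudorandom bytes.

        With prediction_resistance=True the DRBG reseeds from the entropy
        source before producing output, which is the property the thread
        refers to as mitigating the cost/strength trade-off.
        """
        if n > MAX_REQUEST_BYTES:
            raise ValueError("request exceeds max_number_of_bits_per_request")
        if prediction_resistance or self.reseed_counter > RESEED_INTERVAL:
            # Assumption: reseed automatically instead of returning
            # "reseed required" to the caller as the spec phrases it.
            self.reseed(self._entropy_source(self._outlen), additional_input)
            additional_input = b""
        if additional_input:
            self._update(additional_input)
        out = b""
        while len(out) < n:
            self.V = self._hmac(self.K, self.V)
            out += self.V
        # Post-generation Update so a later state compromise does not
        # reveal the bytes just returned (backtracking resistance).
        self._update(additional_input)
        self.reseed_counter += 1
        return out[:n]


if __name__ == "__main__":
    # Constructed seed material; in real use this comes from an entropy source.
    seed = bytes(range(32))
    drbg = HmacDrbg(seed, nonce=b"example-nonce")
    print(drbg.generate(32).hex())
    print(drbg.generate(32, prediction_resistance=True).hex())
```

Two instances seeded identically produce the same stream until one of them reseeds; with prediction_resistance=True each Generate pulls fresh entropy first, so the cost the thread mentions is an extra entropy read plus a few HMAC calls per request, not per output block.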