These seem like really good mitigations to make a userland RNG safe. But it makes me wonder why they don't just use a kernel RNG. https://aws.amazon.com/blogs/opensource/better-random-number-generation-for-openssl-libc-and-linux-mainline/
The problem is that prediction resistance and rekeying are both easy to turn off, and then you get an undetectably broken PRG with efficient state recovery.
This is a rarefied concern, but after Juniper and Fortinet I've come to assume that there are people deliberately screwing with (some) PRGs.
I'd love to see a new DRBG algorithm though that uses HMAC or HKDF, includes fast-key-erasure (as DJB calls it), and has test vectors etc. The more recent NRBG definitions from SP800-90C seem awful, no use at all.