cvs commit: src/sys/modules/random Makefile src/sys/dev/random randomdev.h randomdev_soft.c randomdev_soft.h yar

Nate Lawson nate at root.org
Sat Apr 10 15:55:41 PDT 2004


On Sat, 10 Apr 2004, Mark Murray wrote:
> Richard Coleman writes:
> > > If it is felt that further whitening of the VIA C3 RNG is needed,
> > > then I believe that Yarrow would be overkill, and that a much smaller
> > > hash function will be sufficient.
> >
> > What do you have in mind?  AES is already one of the faster ciphers
> > around.  You could reduce the number of rounds used for AES, but it
> > would be hard to estimate the cryptographic strength.
>
> The C3 chip has AES on board, so something like this may do the trick:
>
> key = C3RNG();
> seed ^= C3RNG(); /* seed is static */
> output = encryptAES(key, seed);

How much assurance is gained in designing a new PRNG that duplicates an
existing PRNG already available and is used with only one source of
entropy?

> Cryptographic strength is of lesser importance here, as the key
> input is Very Nicely Random(tm), however AES's speed and spectral
> qualities make it a good choice. It is important to remember that
> the hash is purely there to destroy any trends/tendencies that the
> hardware generator may have, and for that purpose an LFSR may work
> just fine. The hash is a "Whitener", and its requirements here are
> that its output spectrum is flat.

An LFSR is not a cryptographic hash function.  Do not use one to implement
a PRNG.

-Nate
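An added illustration of the point Nate makes above, not code from this thread or from FreeBSD: an LFSR "whitener" is a linear map over GF(2), so any XOR relation between two raw hardware samples survives unchanged in the whitened output, whereas a cryptographic hash does not preserve such relations. The 32-bit tap mask and the sample inputs are constructed for the example; `lfsr_whiten`, `hash_whiten` and `preserves_xor` are hypothetical names.

```python
"""Added example: an LFSR 'whitener' is GF(2)-linear, a hash is not."""
import hashlib

# Constructed example: 32-bit Fibonacci LFSR with taps at bits 31, 21, 1, 0
# (polynomial x^32 + x^22 + x^2 + x + 1). The linearity shown below holds
# for any tap choice, which is the whole point.
WIDTH = 32
TAP_MASK = (1 << 31) | (1 << 21) | (1 << 1) | 1


def lfsr_whiten(data: bytes, state: int = 0) -> bytes:
    """XOR each input byte into the LFSR state, clock 8 times, emit the low
    state byte. XOR, shift and parity feedback are all linear over GF(2),
    so with a zero initial state the map input -> output is linear."""
    mask = (1 << WIDTH) - 1
    out = bytearray()
    for b in data:
        state ^= b
        for _ in range(8):
            feedback = bin(state & TAP_MASK).count("1") & 1
            state = ((state << 1) | feedback) & mask
        out.append(state & 0xFF)
    return bytes(out)


def hash_whiten(data: bytes) -> bytes:
    """Cryptographic whitener: SHA-256, truncated to the input length so it
    can be compared like-for-like with the LFSR output."""
    return hashlib.sha256(data).digest()[: len(data)]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def preserves_xor(whiten, a: bytes, b: bytes) -> bool:
    """Linearity check: does whiten(a) ^ whiten(b) == whiten(a ^ b)?
    A whitener for which this holds carries every linear relation of the
    raw source (bias, correlation, stuck bits) straight into its output,
    however flat the output spectrum looks."""
    return xor_bytes(whiten(a), whiten(b)) == whiten(xor_bytes(a, b))


if __name__ == "__main__":
    # Constructed stand-ins for two raw hardware RNG samples.
    sample_a = bytes(range(16))
    sample_b = bytes([0xA5] * 16)
    print("LFSR preserves XOR relations:", preserves_xor(lfsr_whiten, sample_a, sample_b))
    print("SHA-256 preserves XOR relations:", preserves_xor(hash_whiten, sample_a, sample_b))
    # A dead (all-zero) source passes through the zero-seeded LFSR unchanged.
    print("LFSR on all-zero input:", lfsr_whiten(bytes(8)).hex())
```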

