Re: Bug#760857: mksh shoould not export $RANDOM

2014-09-20 Thread Lorenzo

On 09/12/2014 10:02 PM, Thorsten Glaser wrote:

> tl;dr: We probably should simplify the code (...)
>
> Something I really want is a sponge construct, like Keccak, but
> one where you can constantly write to and read from.

Spongy RC4 by Rivest himself at
people.csail.mit.edu/rivest/pubs.html#RS14 - slides at
http://crypto.2014.rump.cr.yp.to/3de41b60e32a494c8f0fc9c21c67063a.pdf

The author says it's stronger than RC4, so (even if it hasn't been
significantly analyzed yet) it's more than good enough for mksh since
$RANDOM will never protect sensitive data; it also looks a lot simpler
than Keccak and doesn't force you to look at chacha20 if you really hate
it :)

> (...)
> bye,
> //mirabilos

See you


Re: Bug#760857: mksh shoould not export $RANDOM

2014-09-20 Thread Thorsten Glaser
Lorenzo dixit:

> The author says it's stronger than RC4, so (even if it hasn't been
> significantly analyzed yet) it's more than good enough for mksh since $RANDOM

I’m currently of the mind to just not put any crypto code
into mksh, and just use the LCG unless the OS ships with
a very convenient arc4random() function. KISS, and all.
So, I’m most definitely n̲o̲t̲ looking for algorithms.

bye,
//mirabilos
-- 
[...] if maybe ext3fs wasn't a better pick, or jfs, or maybe reiserfs, oh but
what about xfs, and if only i had waited until reiser4 was ready... in the be-
ginning, there was ffs, and in the middle, there was ffs, and at the end, there
was still ffs, and the sys admins knew it was good. :)  -- Ted Unangst über *fs


Spritz (was Re: Bug#760857: mksh shoould not export $RANDOM)

2014-09-20 Thread Thorsten Glaser
Dixi quod…

> So, I’m most definitely n̲o̲t̲ looking for algorithms.

That being said, after having read
http://crypto.2014.rump.cr.yp.to/3de41b60e32a494c8f0fc9c21c67063a.pdf
and the first ten pages (up to beginning of chapter 4) of
http://people.csail.mit.edu/rivest/pubs/RS14.pdf
I’m impressed (the stop symbol especially) and could consider
making this the basis of an aRC4 replacement. The documentation
appears good enough for implementing it myself, and it may be
possible even to implement it in constant-time which is important
in crypto nowadays.

Its 1732 bit state beats the about 1700 bit of aRC4, too ;)
although that is due to the increase in registers.

bye,
//mirabilos
-- 
<dileks> ch: good, you corrected yourself. ppl tend to tweet such news
immediately, sth. like grml devs seem to be buyable <ch> dileks: we
_are_. if you throw enough money in our direction, things will happen
<mika> everyone is buyable, it's just a matter of price   <mrud> and now
comes [mira] and uses this as a signature ;0   -- they asked for it…
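Added example (not mksh code, and not the Spritz authors' reference
implementation): the Spritz sponge from RS14, written in C directly from
the paper's pseudocode with N = 256, so it can be read alongside the
thread's remarks about the stop symbol and the state size. The spritz_*
names are this example's own. It checks the three "basic output" test
vectors from the paper and then shows the two sponge properties the
thread cares about: that "AB" | stop | "C" does not collide with "ABC",
and that new seed material can be absorbed after output has already been
squeezed.

```c
#include <stdint.h>
#include <string.h>

#define N 256                          /* byte-oriented instance: S is a permutation of 0..255 */

typedef struct {
    uint8_t s[N];
    uint8_t i, j, k, z, w, a;          /* registers; a = nibbles absorbed since last Shuffle */
} spritz_t;

static void swap8(uint8_t *x, uint8_t *y) { uint8_t t = *x; *x = *y; *y = t; }

void spritz_init(spritz_t *st) {
    memset(st, 0, sizeof *st);
    st->w = 1;
    for (int v = 0; v < N; v++) st->s[v] = (uint8_t)v;
}

/* Update(): RC4's i/j walk, plus the stride w and the accumulator k. */
static void update(spritz_t *st) {
    uint8_t *s = st->s;
    st->i = (uint8_t)(st->i + st->w);
    st->j = (uint8_t)(st->k + s[(uint8_t)(st->j + s[st->i])]);
    st->k = (uint8_t)(st->i + st->k + s[st->j]);
    swap8(&s[st->i], &s[st->j]);
}

static void whip(spritz_t *st, unsigned r) {
    while (r--) update(st);
    st->w += 2;                        /* "w++ until gcd(w,N)=1"; for N=256 that means: stay odd */
}

static void crush(spritz_t *st) {      /* non-invertible: sorts each (v, N-1-v) pair */
    for (int v = 0; v < N / 2; v++)
        if (st->s[v] > st->s[N - 1 - v]) swap8(&st->s[v], &st->s[N - 1 - v]);
}

static void shuffle(spritz_t *st) {
    whip(st, 2 * N); crush(st); whip(st, 2 * N); crush(st); whip(st, 2 * N);
    st->a = 0;
}

static void absorb_nibble(spritz_t *st, uint8_t x) {
    if (st->a == N / 2) shuffle(st);
    swap8(&st->s[st->a], &st->s[N / 2 + x]);
    st->a++;
}

/* Absorb(): may be called at any time, including after output has been squeezed. */
void spritz_absorb(spritz_t *st, const uint8_t *in, size_t len) {
    for (size_t v = 0; v < len; v++) {
        absorb_nibble(st, in[v] & 0x0F);   /* LOW(b) first, then HIGH(b) */
        absorb_nibble(st, in[v] >> 4);
    }
}

/* AbsorbStop(): the stop symbol; uses one nibble slot and marks an input boundary. */
void spritz_absorb_stop(spritz_t *st) {
    if (st->a == N / 2) shuffle(st);
    st->a++;
}

/* Squeeze(): Drip() per byte; the pending-input Shuffle() happens once up front. */
void spritz_squeeze(spritz_t *st, uint8_t *out, size_t len) {
    uint8_t *s = st->s;
    if (st->a > 0) shuffle(st);
    for (size_t v = 0; v < len; v++) {
        update(st);
        st->z = s[(uint8_t)(st->j + s[(uint8_t)(st->i + s[(uint8_t)(st->z + st->k)])])];
        out[v] = st->z;
    }
}

/* "Basic output" of the paper: absorb a key, squeeze keystream. */
void spritz_basic_output(const uint8_t *key, size_t klen, uint8_t *out, size_t len) {
    spritz_t st;
    spritz_init(&st);
    spritz_absorb(&st, key, klen);
    spritz_squeeze(&st, out, len);
}

/* Returns 1 if the three basic-output test vectors from Section 9 of RS14 match. */
int spritz_selftest(void) {
    static const struct { const char *key; uint8_t out[8]; } tv[3] = {
        { "ABC",     { 0x77, 0x9a, 0x8e, 0x01, 0xf9, 0xe9, 0xcb, 0xc0 } },
        { "spam",    { 0xf0, 0x60, 0x9a, 0x1d, 0xf1, 0x43, 0xce, 0xbf } },
        { "arcfour", { 0x1a, 0xfa, 0x8b, 0x5e, 0xe3, 0x37, 0xdb, 0xc7 } },
    };
    uint8_t out[8];
    for (int t = 0; t < 3; t++) {
        spritz_basic_output((const uint8_t *)tv[t].key, strlen(tv[t].key), out, 8);
        if (memcmp(out, tv[t].out, 8) != 0) return 0;
    }
    return 1;
}

/* Sponge behaviour: "AB"|stop|"C" must not equal "ABC", and absorbing fresh seed
 * material after output must change the stream relative to an unreseeded copy. */
int spritz_sponge_demo(void) {
    spritz_t a, b;
    uint8_t oa[16], ob[16];
    spritz_init(&a);
    spritz_absorb(&a, (const uint8_t *)"AB", 2);
    spritz_absorb_stop(&a);
    spritz_absorb(&a, (const uint8_t *)"C", 1);
    spritz_squeeze(&a, oa, 16);
    spritz_basic_output((const uint8_t *)"ABC", 3, ob, 16);
    if (memcmp(oa, ob, 16) == 0) return 0;

    spritz_init(&a);
    spritz_absorb(&a, (const uint8_t *)"seed", 4);
    spritz_squeeze(&a, oa, 16);          /* take some output ... */
    b = a;                                /* ... fork, then reseed only one copy */
    spritz_absorb(&a, (const uint8_t *)"more", 4);
    spritz_squeeze(&a, oa, 16);
    spritz_squeeze(&b, ob, 16);
    return memcmp(oa, ob, 16) != 0;
}
```

Two practitioner notes on the state-size remark in the message above: the
permutation S carries log2(256!) ≈ 1684 bits, and the six byte registers
i, j, k, z, w, a add 48, which is where the 1732 comes from (aRC4 has only
i and j on top of the same permutation). And this example is not
constant-time: every S[...] lookup is indexed by secret state, so on
cached hardware it leaks through timing exactly like a table-driven RC4;
making it constant-time would mean replacing those lookups with full-table
scans or masked selects.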