On 18.10.2015 at 03:20, Mobile Mouse wrote:
> On Oct 17, 2015, at 15:27 , Jeffrey Walton <[email protected] <mailto:[email protected]>> wrote:
>>
>>> Open question: should the class file respond to DiscardBytes? I
>>> kinda feel like it should be a nop, but there could be folks who
>>> want to call it to increase their comfort level.
>> The promise of DiscardBytes() is, well, to discard bytes. If this
>> actually makes sense from a security standpoint or efficiency
>> standpoint is not at us to judge, or we wouldn't have created
>> this function in the first place. If the user wants to discard
>> 500 bytes, let him do this via DiscardBytes() or he'll just write
>> DiscardBytes() himself.
>>
>> If I parsed this correctly, then you want DiscardBytes to perform the
>> discard.
>
> It makes sense to be able to discard bytes from PRNG output, to make
> cryptanalysis of such output harder.
>
> I don't see any use in dropping bytes from a TRNG stream (even
> considering the details of Intel implementation).

a) I don't think it's our decision to allow or not allow doing pointless things. If the function is called "DiscardBytes" it should do exactly that or should be removed (which we can't due to the base interface).

b) This is RdRand, which is a standard PRNG (AES-CTR-DRBG), although seeded by a TRNG; it may actually make sense to drop a few bytes here and there to counter cryptanalysis. I'd agree if it were RdSeed, which is the direct interface to the TRNG.

> --
> --
> You received this message because you are subscribed to the "Crypto++ Users" Google Group.
> To unsubscribe, send an email to [email protected].
> More information about Crypto++ and this group is available at http://www.cryptopp.com.
> ---
> You received this message because you are subscribed to the Google Groups "Crypto++ Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected] <mailto:[email protected]>.
> For more options, visit https://groups.google.com/d/optout.
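The contract argued for in the thread above (DiscardBytes really consumes generator output rather than being a nop), as an added example that is not Crypto++'s own code: a minimal generator over a word-oriented source shaped like an RDRAND step, whose DiscardBytes pulls whole words, plus a check that "discard n, then generate k" matches "generate n and drop it, then generate k". The WordRng and CounterSource names and the callback shape are assumptions; the counter source is a constructed deterministic stand-in, not a random source.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>
// Word source shaped like a hardware RDRAND step (on x86 that would be
// _rdrand64_step, which can fail transiently); here a pluggable callback.
typedef bool (*WordSource)(uint64_t* out, void* state);
// Minimal stand-in for the shape of Crypto++'s RandomNumberGenerator interface.
class WordRng {
public:
    WordRng(WordSource src, void* state) : src_(src), state_(state) {}
    // Fill 'out' with 'size' bytes; a trailing partial word is used once and dropped.
    void GenerateBlock(uint8_t* out, size_t size) {
        while (size > 0) {
            uint64_t w = NextWord();
            size_t n = size < sizeof(w) ? size : sizeof(w);
            std::memcpy(out, &w, n);
            out += n; size -= n;
        }
    }
    // Honour the contract: really consume n bytes, i.e. ceil(n/8) whole words
    // from a word-oriented source, instead of treating the call as a nop.
    void DiscardBytes(size_t n) {
        size_t words = (n + sizeof(uint64_t) - 1) / sizeof(uint64_t);
        for (size_t i = 0; i < words; ++i) (void)NextWord();
    }
private:
    uint64_t NextWord() {
        uint64_t w = 0;
        while (!src_(&w, state_)) { /* retry: a hardware step may fail transiently */ }
        return w;
    }
    WordSource src_; void* state_;
};
// Constructed deterministic source (not random at all) so the contract is checkable.
static bool CounterSource(uint64_t* out, void* state) {
    uint64_t* ctr = static_cast<uint64_t*>(state);
    *out = (++*ctr) * 0x9E3779B97F4A7C15ULL;
    return true;
}
// Contract: DiscardBytes(n) then GenerateBlock(k) must equal GenerateBlock(n)
// then GenerateBlock(k) on an identical stream, and consume the same words.
bool DiscardContractHolds(size_t n, size_t k) {
    uint64_t c1 = 0, c2 = 0;
    WordRng a(CounterSource, &c1), b(CounterSource, &c2);
    std::vector<uint8_t> skipped(n), viaDiscard(k), viaGenerate(k);
    a.DiscardBytes(n); a.GenerateBlock(viaDiscard.data(), k);
    b.GenerateBlock(skipped.data(), n); b.GenerateBlock(viaGenerate.data(), k);
    return viaDiscard == viaGenerate && c1 == c2;
}
```

The check holds for any n, including the 500-byte case from the thread and sizes that are not a multiple of the word width.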
