On Thu, Jun 7, 2018 at 11:59 AM, Yann Ylavic <ylavic....@gmail.com> wrote:
> I'd like to propose a new RNG for APR, based on a design from D.J.
> Bernstein ([1]).
>
> Called "Fast-key-erasure random-number generators" by the author, it
> requires 256 bits (32 bytes) of initial entropy only, is fast, and
> ensures Forward Secrecy.
>
> The current RNGs available in APR are:
> 1/ apr_generate_random_bytes(); the wrapper around the system call,
> 2/ apr_random_(in)secure_bytes(); the ones from "random/unix/apr_random.c".
>
> Both are obviously considered secure, but 1/ is usually not very fast
> (and could block on some systems), and 2/ requires kilos of initial
> entropy (taken from 1/ thus possibly blocking too).
> Also the system RNG wrapped by 1/ is unlikely to return a great number
> of bytes at once (256 max on some systems like BSDs), and better suits
> as a source of entropy (like in 2/).
> Neither ensures forward secrecy (AFAICT).
>
I think the guts of 2) really needs to go, it is totally orphaned.
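The fast-key-erasure construction Yann refers to, as an added illustration that is not part of this thread or of APR: each refill derives a fresh key plus an output buffer from the current key, then overwrites the current key, so a later compromise of the state cannot reveal earlier output. Assumptions: keyed BLAKE2b in counter mode stands in for the stream cipher of Bernstein's design, and the 736-byte buffer size, class and function names are mine.

```python
import hashlib
import os
from typing import Optional

KEY_LEN = 32   # 256-bit key: the only entropy the design needs
BUF_LEN = 736  # output bytes per refill (assumed size, not from the thread)
BLOCK = 64     # BLAKE2b digest size, used as the PRF block here

class FastKeyErasureRNG:
    """Minimal fast-key-erasure RNG (illustrative, not APR code)."""

    def __init__(self, seed: Optional[bytes] = None):
        seed = seed if seed is not None else os.urandom(KEY_LEN)
        if len(seed) != KEY_LEN:
            raise ValueError("seed must be exactly 32 bytes")
        self._key = bytearray(seed)
        self._buf = bytearray()

    def _prf(self, key: bytes, counter: int) -> bytes:
        # Keyed BLAKE2b in counter mode as a PRF (stands in for a stream cipher).
        return hashlib.blake2b(counter.to_bytes(8, "little"),
                               key=key, digest_size=BLOCK).digest()

    def _refill(self) -> None:
        nblocks = (KEY_LEN + BUF_LEN + BLOCK - 1) // BLOCK
        stream = b"".join(self._prf(bytes(self._key), i) for i in range(nblocks))
        # Key erasure: the old key is overwritten before any output is handed out,
        # so the output derived from it can no longer be recomputed from state.
        self._key[:] = stream[:KEY_LEN]
        self._buf = bytearray(stream[KEY_LEN:KEY_LEN + BUF_LEN])

    def random_bytes(self, n: int) -> bytes:
        out = bytearray()
        while len(out) < n:
            if not self._buf:
                self._refill()
            take = min(n - len(out), len(self._buf))
            out += self._buf[:take]
            del self._buf[:take]  # consumed output is dropped from state too
        return bytes(out)

    def current_key(self) -> bytes:
        return bytes(self._key)

def forward_secrecy_holds(seed: bytes) -> bool:
    """Someone who captures the key after output was drawn cannot recover it."""
    rng = FastKeyErasureRNG(seed)
    earlier = rng.random_bytes(32)
    replay = FastKeyErasureRNG(rng.current_key()).random_bytes(2 * BUF_LEN)
    return earlier not in replay
```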