Niels Möller <nisse-samgb31n2u5icsjq0eh...@public.gmane.org> writes:

> Simon Josefsson <si...@josefsson.org> writes:
>
>> Fortuna is newer but I wonder if anyone will ever use Nettle to
>> implement this functionality? Maybe the Nettle documentation could
>> suggest that anyone considering Yarrow should research alternatives
>> first.
>
> Do you know what GnuTLS uses for randomness? LSH (my SSH implementation)
> uses Nettle's yarrow, but I guess that's rather obscure now.

GnuTLS these days has its own RNG stack which is more complex than what
Nettle provides natively.

https://gitlab.com/gnutls/gnutls/-/blob/master/lib/nettle/rnd.c
https://gitlab.com/gnutls/gnutls/-/blob/master/lib/nettle/sysrng-linux.c

>> DRBG-CTR is strange in several ways (e.g., non-uniform seeds), to the
>> point of being unsafe since it is easy to misuse it.
>
> Is that detailed in the paper you link to?

The details and assumptions are clear from the NIST spec, but the
subjective opinion that it is easy to misuse is my own.

>> Considering Dual-EC-DRBG, perhaps standardizing "problematic" PRNGs
>> was a design goal with 800-90A, and in that case the DRBG-CTR design
>> makes a whole lot more sense and would be an appropriate algorithm.
>>
>> Maybe it should only be added as internal functionality to Nettle...
>
> It could be documented with caveats (usage for anything but tests
> discouraged, with some brief motivation and/or pointers to references on
> how it's bad), motivated by applications that need to comply with that
> standard. Or mentioned but undocumented in a similar way as the
> knuth_lfib generator. Or kept completely internal.
>
> Since the interface (of the subset you support) is rather simple, and
> according to Joachim there are some use cases, I'd lean towards
> documenting it.

My initial patch contained documentation. While it can always be expanded
a lot more, I can't think of any further modifications.

/Simon
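The DRBG-CTR discussed in the thread is the CTR_DRBG construction of NIST SP 800-90A. The following is an added example written for this page; it is not code from the thread, from Nettle's patch, or from GnuTLS. It transcribes the variant without a derivation function, instantiated with AES-128, from section 10.2.1 of the spec (Update, Instantiate and Generate; the reseed function is left out), using only Go's standard-library crypto/aes. It shows concretely where the seed handling is unforgiving: with no derivation function there is no conditioning step at all, so the seed material is XORed straight into (Key, V), and the spec therefore demands a full-entropy entropy_input of exactly seedlen (32) bytes. The example enforces that length and refuses anything else. The seed bytes and personalization string used in main are constructed for illustration and are not test vectors.

```go
package main

import (
	"crypto/aes"
	"errors"
	"fmt"
)

// CTR_DRBG, AES-128, no derivation function (SP 800-90A 10.2.1). Added illustration, not Nettle's code.
const (
	keyLen         = 16                // AES-128 key, bytes
	blockLen       = aes.BlockSize     // 16
	seedLen        = keyLen + blockLen // 32
	maxRequest     = 1 << 16           // 2^19 bits per Generate call
	reseedInterval = 1 << 48           // Generate calls allowed before a reseed
)

type ctrDRBG struct {
	key, v        []byte
	reseedCounter uint64
}

// incrementV computes V = (V + 1) mod 2^blocklen, big-endian.
func incrementV(v []byte) {
	for i := len(v) - 1; i >= 0; i-- {
		if v[i]++; v[i] != 0 {
			return
		}
	}
}

// ctrBlocks encrypts successive counter values under the current key.
func (d *ctrDRBG) ctrBlocks(n int) []byte {
	block, _ := aes.NewCipher(d.key) // cannot fail: key is always keyLen bytes
	out, buf := make([]byte, 0, n+blockLen), make([]byte, blockLen)
	for len(out) < n {
		incrementV(d.v)
		block.Encrypt(buf, d.v)
		out = append(out, buf...)
	}
	return out[:n]
}

// update is CTR_DRBG_Update: providedData (exactly seedlen bytes) is XORed
// straight into the new (Key, V); nothing conditions or whitens it first.
func (d *ctrDRBG) update(providedData []byte) {
	if len(providedData) != seedLen {
		panic("CTR_DRBG_Update: provided_data must be exactly seedlen bytes")
	}
	temp := d.ctrBlocks(seedLen)
	for i := range temp {
		temp[i] ^= providedData[i]
	}
	d.key, d.v = temp[:keyLen], temp[keyLen:]
}

// newCTRDRBG is CTR_DRBG_Instantiate without a derivation function: the spec
// requires full-entropy entropyInput of exactly seedlen bytes, and the
// algorithm cannot tell a short or biased seed from a good one, so this check
// and the caller's entropy source are the only safeguards.
func newCTRDRBG(entropyInput, personalization []byte) (*ctrDRBG, error) {
	if len(entropyInput) != seedLen || len(personalization) > seedLen {
		return nil, fmt.Errorf("entropy_input must be exactly %d bytes and personalization_string at most %d", seedLen, seedLen)
	}
	seedMaterial := make([]byte, seedLen)
	copy(seedMaterial, personalization) // zero-padded, then XORed with the entropy
	for i := range seedMaterial {
		seedMaterial[i] ^= entropyInput[i]
	}
	d := &ctrDRBG{key: make([]byte, keyLen), v: make([]byte, blockLen), reseedCounter: 1}
	d.update(seedMaterial)
	return d, nil
}

// generate is CTR_DRBG_Generate for n bytes; reseeding is not implemented here.
func (d *ctrDRBG) generate(n int, additionalInput []byte) ([]byte, error) {
	if n < 0 || n > maxRequest || len(additionalInput) > seedLen {
		return nil, errors.New("request or additional_input too long")
	}
	if d.reseedCounter > reseedInterval {
		return nil, errors.New("reseed required")
	}
	padded := make([]byte, seedLen) // additional_input zero-padded to seedlen
	copy(padded, additionalInput)
	if len(additionalInput) > 0 {
		d.update(padded)
	}
	out := d.ctrBlocks(n)
	d.update(padded) // post-generate update gives backtracking resistance
	d.reseedCounter++
	return out, nil
}

func main() {
	seed := make([]byte, seedLen) // constructed seed, for illustration only
	for i := range seed {
		seed[i] = byte(i)
	}
	d, err := newCTRDRBG(seed, []byte("nettle-bugs example"))
	if err != nil {
		panic(err)
	}
	out, _ := d.generate(32, nil)
	fmt.Printf("%x\n", out)
	_, err = newCTRDRBG(seed[:16], nil) // the misuse the spec forbids
	fmt.Println("16-byte seed:", err)
}
```

The length check in newCTRDRBG is the only thing standing between a caller and a silently weak instance: feed it 32 bytes from a poor source and it produces output indistinguishable from a properly seeded one. A production deployment would add the reseed function and take entropy_input from the OS RNG, as the GnuTLS sysrng code linked above does for its own stack.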
_______________________________________________
nettle-bugs mailing list -- nettle-bugs@lists.lysator.liu.se
To unsubscribe send an email to nettle-bugs-le...@lists.lysator.liu.se