Simon Josefsson <[email protected]> writes:

> Fortuna is newer but I wonder if anyone will ever use Nettle to
> implement this functionality? Maybe the Nettle documentation could
> suggest that anyone considering Yarrow should research alternatives
> first.

Do you know what GnuTLS uses for randomness? LSH (my SSH implementation)
uses Nettle's yarrow, but I guess that's rather obscure now.

> DRBG-CTR is strange in several ways (e.g., non-uniform seeds), to the
> point of being unsafe since it is easy to misuse it.

Is that detailed in the paper you link to?

> Considering Dual-EC-DRBG, perhaps standardizing "problematic" prng's
> was a design goal with 800-90A, and in that case the DRBG-CTR design
> makes a whole lot more sense and would be an appropriate algorithm.
>
> Maybe it should only be added as internal functionality to Nettle...

It could be documented with caveats (usage for anything but tests
discouraged, with some brief motivation and/or pointers to references on
how it's bad), motivated by applications that need to comply with that
standard. Or mentioned but undocumented, in a similar way to the
knuth_lfib generator. Or kept completely internal.

Since the interface (of the subset you support) is rather simple, and
according to Joachim there are some use cases, I'd lean towards
documenting it.

Regards,
/Niels

-- 
Niels Möller. PGP key CB4962D070D77D7FCB8BA36271D8F1FF368C6677.
Internet email is subject to wholesale government surveillance.
_______________________________________________
nettle-bugs mailing list -- [email protected]
To unsubscribe send an email to [email protected]
