Simon Josefsson writes:
> Fortuna is newer but I wonder if anyone will ever use Nettle to
> implement this functionality? Maybe the Nettle documentation could
> suggest that anyone considering Yarrow should research alternatives
> first.
Do you know what GnuTLS uses for randomness? LSH (my SSH

Simon Josefsson writes:
>> * SNTRUP761_CIPHERTEXT_SIZE: Probably right, even though I'm a bit
>> confused by the "ciphertext" terminology when there's no
>> corresponding plaintext.
>
> Yeah... I think this is actually an area that could do more work, since
> the output is combined but

Niels Möller writes:
> Simon Josefsson writes:
>
>> This adds DRBG-CTR-AES256, what do you think?
>
> Thanks, I've had a first look.
Thanks for review!
>> + INCREMENT (AES_BLOCK_SIZE, V);
>> + aes256_encrypt (Key, AES_BLOCK_SIZE, tmp + 2 * AES_BLOCK_SIZE, V);
>
> You could perhaps use

Niels Möller writes:
> Simon Josefsson writes:
>
>> No objection, but I find it challenging to come up with a revised patch
>> that I feel comfortable with in the near future. I'm not sure I even
>> understood what unused functions you noticed (and how?); that fix would
>> be easy to do.

Niels Möller writes:
>>> My take was that it would be nice to add sntrup761 to Nettle ASAP to
>>> stabilize API and establish support for the algorithm -- we can optimize
>>> or improve the implementation later on (there are many optimized
>>> implementations around for different architectures