Simon Josefsson writes:
> Please release 3.9 before looking at this! :-)
>
> This adds DRBG-CTR-AES256, what do you think?
I've merged this onto a branch add-drbg-ctr-aes256. I've made some
additional changes: use union nettle_block16 where that made sense,
rename Key -> key, fixed typo in
Simon Josefsson writes:
>>> DRBG-CTR is strange in several ways (e.g., non-uniform seeds), to the
>>> point of being unsafe since it is easy to misuse it.
>>
>> Is that detailed in the paper you link to?
>
> The details and assumptions are clear from the NIST spec, but the
> subjective opinion
Niels Möller writes:
> Simon Josefsson writes:
>
>> Fortuna is newer but I wonder if anyone will ever use Nettle to
>> implement this functionality? Maybe the Nettle documentation could
>> suggest that anyone considering Yarrow should research alternatives
>> first.
>
> Do you know what GnuTLS
Simon Josefsson writes:
> Fortuna is newer but I wonder if anyone will ever use Nettle to
> implement this functionality? Maybe the Nettle documentation could
> suggest that anyone considering Yarrow should research alternatives
> first.
Do you know what GnuTLS uses for randomness? LSH (my SSH
Niels Möller writes:
> Simon Josefsson writes:
>
>> This adds DRBG-CTR-AES256, what do you think?
>
> Thanks, I've had a first look.
Thanks for review!
>> + INCREMENT (AES_BLOCK_SIZE, V);
>> + aes256_encrypt (Key, AES_BLOCK_SIZE, tmp + 2 * AES_BLOCK_SIZE, V);
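Review bot: the offset tmp + 2 * AES_BLOCK_SIZE is a hand-computed block index, so the increment-then-encrypt pair is being repeated once per output block; for AES-256 the CTR_DRBG seed length is keylen + blocklen = 32 + 16 = 48 bytes, i.e. exactly three AES blocks, and a short loop over those three blocks (increment V, encrypt into tmp + i * AES_BLOCK_SIZE) would remove the duplicated calls and the risk of a mistyped offset. The order itself is right: SP 800-90A's CTR_DRBG update increments V (mod 2^128, carrying across the whole 16-byte block) before each Block_Encrypt, so INCREMENT must be a full-width big-endian increment for the counter to behave correctly at a block boundary; a known-answer test from the SP 800-90A CTR_DRBG test vectors would pin that down.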
>
> You could perhaps use
Simon Josefsson writes:
> This adds DRBG-CTR-AES256, what do you think?
Thanks, I've had a first look.
> --- /dev/null
> +++ b/drbg-ctr-aes256.c
> @@ -0,0 +1,100 @@
> +/* drbg-ctr-aes256.c
> +static void
> +drbg_ctr_aes256_update (struct aes256_ctx *Key,
> + uint8_t *V,
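Review bot: the first parameter of drbg_ctr_aes256_update is spelled `Key` with a capital letter while the rest of the function's identifiers (and Nettle's C API generally) use lowercase names; rename it `key` (the merge note earlier in this thread does the same) so the new file reads consistently with the surrounding code, and consider a one-line comment on the function stating that it is the CTR_DRBG_Update step of SP 800-90A, since the file comment on the line above is the only place a reader would otherwise learn what the routine implements.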
Subject: [PATCH] Add DRBG-CTR-AES256.
---
Makefile.in | 6 +-
NEWS | 6 ++
drbg-ctr-aes256.c| 100 +++
drbg-ctr.h | 69 +
nettle.texinfo