On Friday, 29 January 2016, 10:04:44, Russ Housley wrote:
> https://fcw.com/articles/2016/01/28/crypto-nist-generator.aspx
>
> This is a significant improvement over the past, where NIST has a very short
> list of approved PRNG algorithms, and the only place a vendor could
> innovate was the way the selected algorithm got seeded.
Oh, there was another possible way to be innovative: how to backdoor the PRNG without being noticed ;-). E.g. on the AES-based PRNG, you could swap entropy input and counter input (counter=key, entropy=source), and still produce something that would pass every random number test, but is fully predictable from the outside...

So far, the new stuff looks promising. Access to noise source and entropy directly is definitely a big improvement.

In the entropy tests I miss those I do first (because they quickly spot problems): histogram and FFT.

Given that SHA-3 is a NIST-based standard, and Keccak offers a combination of conditioner and DRBG expander as a single building block, it's a bit strange that it wasn't added into the recommendation. Just Dual_EC_DRBG was dropped... Does that mean the NSA does not like using Keccak in this mode?

--
Bernd Paysan
"If you want it done right, you have to do it yourself"
net2o ID: kQusJzA;7*?t=uy@X}1GWr!+0qqp_Cn176t4(dQ*
http://bernd-paysan.de/
Tech mailing list
Tech@cryptech.is
https://lists.cryptech.is/listinfo/tech
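The two quick checks Bernd mentions (histogram and FFT), as an added example that is not code from the thread or from the Cryptech project: a chi-square statistic on the byte histogram and a spectral-peak ratio from a small pure-Python FFT, run over three constructed 4096-byte samples. The pass/fail thresholds in the comments are rough assumptions for this sample size, not standard values.

```python
import cmath
import math
import random
from collections import Counter


def histogram_stat(data: bytes) -> float:
    """Chi-square of the byte histogram against uniform (255 degrees of freedom).
    For a few thousand bytes of good noise expect roughly 255 +/- 25; a value
    far above that means bias, and exactly 0 means the source is 'too perfect'."""
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))


def fft(x):
    """Recursive radix-2 Cooley-Tukey FFT; len(x) must be a power of two."""
    n = len(x)
    if n == 1:
        return [complex(x[0])]
    even, odd = fft(x[0::2]), fft(x[1::2])
    out = [0j] * n
    for k in range(n // 2):
        t = cmath.exp(-2j * math.pi * k / n) * odd[k]
        out[k], out[k + n // 2] = even[k] + t, even[k] - t
    return out


def spectral_peak_ratio(data: bytes) -> float:
    """Strongest non-DC spectral line divided by the mean line magnitude.
    White noise gives a small ratio (about 3 to 5 here); a hidden period
    produces one dominant line and a ratio in the tens or hundreds."""
    n = 1 << (len(data).bit_length() - 1)          # truncate to a power of two
    samples = [b - 127.5 for b in data[:n]]        # remove the DC offset
    spec = [abs(c) for c in fft(samples)][1:n // 2]
    return max(spec) / (sum(spec) / len(spec))


def check_samples():
    """Run both checks over constructed samples; returns {name: (chi2, peak_ratio)}."""
    rng = random.Random(2016)                      # seeded stand-in for a healthy source
    good = bytes(rng.getrandbits(8) for _ in range(4096))
    biased = bytes(b & 0x7F for b in good)         # stuck top bit: the histogram catches it
    sawtooth = bytes(i % 256 for i in range(4096)) # perfect histogram, but the FFT catches the period
    return {name: (round(histogram_stat(d), 1), round(spectral_peak_ratio(d), 1))
            for name, d in (("good", good), ("biased", biased), ("sawtooth", sawtooth))}


if __name__ == "__main__":
    for name, (chi2, ratio) in check_samples().items():
        print(f"{name:9s} chi2={chi2:8.1f}  peak/mean={ratio:6.1f}")
```

The sawtooth case is the instructive one: its histogram is flawlessly flat, so a histogram alone would pass it, while the spectral line at the sample period exposes it immediately.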