I'll leave analysis of the crypto impact per se to others who know more, but given the amount of testing that the TRNG has already had (some of which we may not be able to repeat because it was done by third parties who may not volunteer to test a new version), there may be some value in considering the minimal necessary change, which would appear to be replacing SHA-512 with SHA-256 along with the minimum set of changes necessary to support that, on the theory that members of the SHA-2 family are mostly interchangeable.
I'm not opposed to the more ambitious options Joachim proposed, just trying to find the right balance. What I most want out of the proposed revision is the ability to run the FPGA at 100 MHz without breaking the good TRNG we already have; if we can get an even better TRNG and free up some resources, cool, but the issue that's really in our faces at the moment is the clock speed restriction.

_______________________________________________
Tech mailing list
Tech@cryptech.is
https://lists.cryptech.is/listinfo/tech