EDP (entropy distribution protocol), userland PRNG design
Jason Holt
jason at lunkwill.org
Sat Feb 4 16:42:34 EST 2006
On Sat, 4 Feb 2006, Travis H. wrote:
> Suppose that /dev/random is too slow (SHA-1 was never meant to
> generate a lot of output) because one of these machines wishes to
> generate a large file for use as a one-time pad*. That leaves
> distributing bits.
* /dev/random's output is limited by available entropy, not the speed of sha1.
You want /dev/urandom instead.
* You're talking about a stream cipher, not an OTP, especially since an
attacker could see the "plaintext" over the network and would only need to
break the cipher to get at the "pad".
* It's dangerous to offhandedly propose stream ciphers, especially when we
have some tried and tested ones, and it doesn't really make sense to use them
as if they were OTPs, since then you get the benefits of neither.
* Hash functions are comparably fast to ciphers anyway, and are plenty fast
for the application you propose:

    [jason@erg] ~$ openssl speed sha1
    Doing sha1 for 3s on 16 size blocks: 1718543 sha1's in 2.99s
    ...
    [jason@erg] ~$ dc
    1718543 20 *p
    34370860

So sha1 generates 34Mbyte/sec, which is enough to saturate a gigabit ethernet
link in many installations.
-J
---------------------------------------------------------------------
The Cryptography Mailing List