EDP (entropy distribution protocol), userland PRNG design

Eric Rescorla ekr at rtfm.com
Sun Feb 5 01:19:16 EST 2006


"Travis H." <solinym at gmail.com> writes:

> On 2/4/06, Eric Rescorla <ekr at rtfm.com> wrote:
>> Look, this design just reduces to a standard cryptographic PRNG with
>> some of the seed being random and periodically being reseeded by the
>> "random" network stream you're sending around. There's no need to
>> worry about the integrity or confidentiality of the "random" stream
>> because anyone who controls the network already knows this input. The
>> only information they don't have is your "random" private key.
>
> How do you figure?  If the random stream conveys 1kB/s, and I'm
> reading 1kB/s from /dev/random, and the network traffic is not
> observed, then I am not stretching the bits in any way, and the result
> should be equivalent to reading from the HWRNG, right?

Well, for starters the assumption that nobody is monitoring the
network traffic is in general unwarranted. 

However, the equivalence (or lack thereof) to a HWRNG depends entirely
on the details of the mixing function in /dev/random, network
buffering, etc. But since /dev/random is basically a PRNG, it's
not clear why you think there's any difference between your and
my designs.

-Ekr



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
