[Cryptography] /dev/random is not robust

Alex Elsayed eternaleye at gmail.com
Tue Oct 29 20:08:24 EDT 2013


Theodore Ts'o <tytso <at> mit.edu> writes:

<snip>
> I'll tell you right away that both Fortuna and
> Yarrow, which use crypto hashing in the entropy mixing step, are
> going to be a non-starter from a performance point of view.
<snip>

One thing I wonder is whether entropy collection could be separated from pool
mixing: entropy collection could go to a ring buffer or some other fast data
structure, and on excess entropy we could potentially let it drop some samples,
or XOR new samples over the old ones that would be 'dropped'.

Due to the round-robin nature of Fortuna's pool mixing, it could be
parallelized, possibly allowing high-throughput implementations of mixing
and low-latency implementations of submission. That could also help prevent
dropped entropy.
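Added example (an editor's sketch, not code from this thread, from the Linux
kernel, or from any Fortuna implementation) of the split described in the
message above: a cheap submission path into a fixed ring that XORs over the
oldest pending slot when full, and a separate mixing step that distributes the
pending samples round-robin over Fortuna's pools. Everything below is assumed
for the sake of the example: a 64-slot ring, 32 pools, a 64-bit stand-in mixer
(mix64) in place of SHA-256d, a single-threaded producer and consumer, and an
LCG standing in for real event samples.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Sizes are assumptions for the example: 64 ring slots, Fortuna's 32 pools. */
#define RING_SIZE 64
#define NUM_POOLS 32

/* Submission side: a fixed ring of raw samples, no hashing on this path. */
struct entropy_ring {
    uint64_t slots[RING_SIZE];
    uint64_t head;    /* next slot the producer writes (monotonic) */
    uint64_t tail;    /* next slot the consumer reads (monotonic) */
    uint64_t folded;  /* samples XORed over an old slot instead of stored */
};

/* Mixing side: one accumulator per pool. mix64 is a self-contained stand-in;
 * Fortuna proper hashes pool contents with SHA-256d. */
struct fortuna_pools {
    uint64_t pool[NUM_POOLS];
    uint64_t next_index;  /* absolute index of next sample; pool = index % NUM_POOLS */
};

static uint64_t mix64(uint64_t acc, uint64_t v)
{
    acc ^= v;
    acc *= 0x9E3779B97F4A7C15ULL;
    acc ^= acc >> 32;
    return acc;
}

/* Producer: O(1). When the ring is full, XOR the new sample over the oldest
 * unconsumed slot rather than dropping it. A real SPSC path would need
 * acquire/release atomics on head/tail; this sketch is single-threaded. */
void ring_submit(struct entropy_ring *r, uint64_t sample)
{
    if (r->head - r->tail >= RING_SIZE) {
        r->slots[r->tail % RING_SIZE] ^= sample;
        r->folded++;
        return;
    }
    r->slots[r->head % RING_SIZE] = sample;
    r->head++;
}

/* Reference consumer: walk pending samples in order, round-robin over pools. */
size_t pools_drain_serial(struct fortuna_pools *p, struct entropy_ring *r)
{
    size_t n = 0;
    while (r->tail != r->head) {
        unsigned pool = (unsigned)(p->next_index % NUM_POOLS);
        p->pool[pool] = mix64(p->pool[pool], r->slots[r->tail % RING_SIZE]);
        p->next_index++;
        r->tail++;
        n++;
    }
    return n;
}

/* Batched consumer: snapshot the pending range, then handle each pool's stride
 * independently. Sample k always lands in pool k % NUM_POOLS, so the outer loop
 * shares no state between iterations and could be split across workers; the
 * result is identical to the serial walk. */
size_t pools_drain_batched(struct fortuna_pools *p, struct entropy_ring *r)
{
    uint64_t start = r->tail, end = r->head, base = p->next_index;

    for (unsigned pool = 0; pool < NUM_POOLS; pool++) {
        /* offset of the first pending sample whose index maps to this pool */
        uint64_t off = (pool + NUM_POOLS - base % NUM_POOLS) % NUM_POOLS;
        uint64_t acc = p->pool[pool];
        for (uint64_t i = start + off; i < end; i += NUM_POOLS)
            acc = mix64(acc, r->slots[i % RING_SIZE]);
        p->pool[pool] = acc;
    }
    p->next_index = base + (end - start);
    r->tail = end;
    return (size_t)(end - start);
}

/* Exercises the design on a constructed stream (an LCG, not real entropy).
 * Returns 0 on success, otherwise the number of the check that failed. */
int selftest(void)
{
    struct entropy_ring r, r2;
    struct fortuna_pools a, b;
    uint64_t x = 12345, before;

    memset(&r, 0, sizeof r);
    for (int i = 0; i < RING_SIZE + 6; i++) {
        x = x * 6364136223846793005ULL + 1442695040888963407ULL;
        ring_submit(&r, x);
    }
    if (r.folded != 6 || r.head - r.tail != RING_SIZE) return 1;

    /* Caveat of XOR-over-old: it is not a mixer, so a repeated sample cancels. */
    before = r.slots[r.tail % RING_SIZE];
    ring_submit(&r, 0xABCDULL);
    ring_submit(&r, 0xABCDULL);
    if (r.slots[r.tail % RING_SIZE] != before || r.folded != 8) return 2;

    r2 = r;
    memset(&a, 0, sizeof a);
    memset(&b, 0, sizeof b);
    if (pools_drain_serial(&a, &r) != RING_SIZE) return 3;
    if (pools_drain_batched(&b, &r2) != RING_SIZE) return 4;
    if (memcmp(&a, &b, sizeof a) != 0 || r.tail != r.head) return 5;
    return 0;
}

int main(void)
{
    int rc = selftest();
    printf("selftest: %s (%d)\n", rc == 0 ? "ok" : "FAILED", rc);
    return rc;
}
```

The batched drain is where the parallelism the message points at lives: once
the pending range is snapshotted, pool j only ever reads samples at indices
congruent to j mod 32 and only writes its own accumulator, so the per-pool
loops can run concurrently and still produce the same pools as the serial
round-robin. The self-test also shows the cost of XOR-over-old: because XOR is
not a mixing function, two identical samples folded onto the same slot cancel
each other, which is one reason the fold is a stopgap for overflow rather than
a replacement for hashing in the mixing step.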
