[Cryptography] The Crypto Pi

Ralf Senderek crypto at senderek.ie
Wed Jan 28 02:08:19 EST 2015

On 27.01.2015 22:30 Tom Mitchell wrote:
> Since you are in implementation land code in a way that lets you
> change the way "*random*" works with minimum impact on the rest
> of the code base.  Good design here will let you apply tomorrow's lessons
> quickly.

I've done that.

> The more I read about the BSD decisions on random the more I believe
> that any
> initial expectations may become fragile and need to be updated.
> The two obvious /dev/random and /dev/urandom involve system
> calls which invoke mutex locks all of which takes more time than
> interacting with a well seeded user space PRNG.  

Yes, but the important condition is "well seeded". It's a chicken-and-egg problem if you
need /dev/random to seed the multiple userspace PRNGs.

> Assuming flaws, an important consideration for an attack is knowing
> which flawed resource is involved.  In revision two consider multiple
> user space PRNG(s), the selection of which is randomized, and feed them
> into a mixer using a random weight... 10% from PRNG(a), 60% from PRNG(b)
> etc...

This is a good idea, and fortunately the Crypto Pi will only need about 30000 bits of entropy per day. 
How to make sure that enough of these (128) will be in every message key is the challenge.
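An added example in Python (not code from the Crypto Pi or from either poster) sketching the design the two messages describe: a swappable entropy-source interface, a mixer that hashes randomly weighted shares from several sources, and a daily budget of 30000 bits that refuses to issue a 128-bit message key once the supply is spent. Every name below is hypothetical.

```python
import hashlib
import secrets
from typing import Callable, Sequence

# Hypothetical interface: any callable returning n bytes is a source, so the
# way "random" works can be swapped without touching the callers.
Source = Callable[[int], bytes]

BITS_PER_DAY = 30_000   # daily entropy supply quoted for the Crypto Pi
KEY_BITS = 128          # fresh entropy each message key must carry


def weighted_mix(sources: Sequence[Source], nbytes: int) -> bytes:
    """Pull a randomly weighted share from every source and hash them all.

    Shares are length-prefixed before hashing so boundaries are unambiguous.
    A weight may be small but never zero, so an attacker who knows all but
    one source still faces the unknown share (assumes independent sources).
    """
    rng = secrets.SystemRandom()
    shares = [rng.randint(1, 9) for _ in sources]   # e.g. 10%/60%-style weights
    total = sum(shares)
    h = hashlib.sha256()
    for src, share in zip(sources, shares):
        chunk = src(max(1, nbytes * share // total))
        h.update(len(chunk).to_bytes(2, "big") + chunk)
    return h.digest()[:nbytes]


class EntropyBudget:
    """Accounts for the daily supply so no key is issued on a spent budget."""

    def __init__(self, bits_per_day: int = BITS_PER_DAY):
        self.remaining = bits_per_day

    def keys_available(self) -> int:
        return self.remaining // KEY_BITS

    def message_key(self, sources: Sequence[Source]) -> bytes:
        if self.remaining < KEY_BITS:
            raise RuntimeError("daily entropy budget exhausted; no key issued")
        self.remaining -= KEY_BITS
        return weighted_mix(sources, KEY_BITS // 8)
```

The budget only accounts for what the sources are assumed to deliver; it does not measure their quality, which is the "well seeded" condition the thread turns on.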
