[Cryptography] ChaCha20 DRNG
Jason Cooper
cryptography at lakedaemon.net
Thu Aug 4 11:48:30 EDT 2016
Hi Stephan,
On Thu, Aug 04, 2016 at 02:22:08PM +0200, Stephan Mueller wrote:
> As part of the development of my "Linux Random Number Generator -- a new
> approach to the Linux /dev/random" project, I implemented a DRNG based on
> ChaCha20.
>
> This DRNG is now extracted into a standalone code base and is provided at [1].
> The DRNG is completely standalone in the sense that it does not require
> services from any library other than libc. This implies that it implements all
> cryptographic aspects itself.
>
> The implementation is very small with some 400 lines of code. The
> implementation draws ideas from SP800-90A, AIS 20/31 and Peter Gutmann's work:
>
> * the DRNG seeds itself
>
> * the DRNG reseeds itself when reaching a time-based or volume-based threshold
>
> * the DRNG performs a continuous reseeding using a high-resolution time stamp
>
> * the DRNG implements enhanced backward secrecy
>
>
> A complete documentation, including its API is given at [1].
>
> [1] http://www.chronox.de/chacha20_drng.html
I took a quick look. Small, concise, clean. :) If you don't mind, I'd
like to send some patches for you to review. I have a couple of things
in mind:
- namespace the version number macros, or use signed git tags [1]
- add version number call to the API
- split the different seed sources out to separate files
- allow other chacha20 implementations (e.g. libsodium)
- work towards baremetal
- replace/remove printfs (add a log() cb?)
- tolerate no internal seed sources / set a cb
- add seed save/restore cbs.
- other items I don't recall off the top of my head
thx,
Jason.
[1] http://git.infradead.org/users/jcooper/secsh.git/blob/649360530be394794fe0533be5ab2939eaa27e52:/genver.sh
I have a better version locally, does latex and raw version number
output.
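The design the quoted mail sketches (a DRNG that seeds itself, reseeds after a volume threshold and provides enhanced backward secrecy) together with the callback-driven seed source suggested in the reply, as an added example in C. This is not the chacha20_drng project's code and does not follow its API: the `drng_t` layout, the function names, the way 32 seed bytes are folded into the key and the constructed `fixed_seed_cb` seed source are all assumptions made here, and the time-based and time-stamp reseeding items are not shown.

```c
/* Added example (not the chacha20_drng project's code): a minimal ChaCha20 DRNG
 * that takes seed material only from a caller-supplied callback. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define ROTL32(v, n) (((v) << (n)) | ((v) >> (32 - (n))))
#define QR(a, b, c, d)                   \
    a += b; d ^= a; d = ROTL32(d, 16);   \
    c += d; b ^= c; b = ROTL32(b, 12);   \
    a += b; d ^= a; d = ROTL32(d, 8);    \
    c += d; b ^= c; b = ROTL32(b, 7);

static const uint8_t SIGMA[16] = "expand 32-byte k";

static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void st32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}
static void secure_zero(void *p, size_t n) {   /* volatile store: not dropped by the optimiser */
    volatile uint8_t *v = (volatile uint8_t *)p;
    while (n--) *v++ = 0;
}

/* One ChaCha20 block (RFC 8439): 20 rounds over the 16-word state, 64 bytes out. */
static void chacha20_block(const uint32_t in[16], uint8_t out[64]) {
    uint32_t x[16];
    memcpy(x, in, sizeof x);
    for (int i = 0; i < 10; i++) {
        QR(x[0], x[4], x[8], x[12]);  QR(x[1], x[5], x[9], x[13]);
        QR(x[2], x[6], x[10], x[14]); QR(x[3], x[7], x[11], x[15]);
        QR(x[0], x[5], x[10], x[15]); QR(x[1], x[6], x[11], x[12]);
        QR(x[2], x[7], x[8], x[13]);  QR(x[3], x[4], x[9], x[14]);
    }
    for (int i = 0; i < 16; i++) st32(out + 4 * i, x[i] + in[i]);
}

typedef int (*seed_cb_t)(uint8_t *buf, size_t len, void *ctx);   /* returns 0 on success */

typedef struct {
    uint32_t state[16];      /* sigma | key (8 words) | block counter | nonce (3 words) */
    uint64_t generated;      /* bytes handed out since the last reseed */
    uint64_t reseed_bytes;   /* volume-based reseed threshold */
    seed_cb_t seed;
    void *seed_ctx;
} drng_t;

/* Fold 32 fresh seed bytes into the key, then run one block so the new key
 * depends on both the old key and the seed; the old key is never kept. */
static int drng_reseed(drng_t *d) {
    uint8_t seed[32], blk[64];
    if (d->seed(seed, sizeof seed, d->seed_ctx) != 0) return -1;   /* no seed: refuse to run */
    for (int i = 0; i < 8; i++) d->state[4 + i] ^= le32(seed + 4 * i);
    chacha20_block(d->state, blk);
    for (int i = 0; i < 8; i++) d->state[4 + i] = le32(blk + 4 * i);
    d->state[12] = 0;
    d->generated = 0;
    secure_zero(seed, sizeof seed);
    secure_zero(blk, sizeof blk);
    return 0;
}

int drng_init(drng_t *d, seed_cb_t cb, void *ctx, uint64_t reseed_bytes) {
    memset(d, 0, sizeof *d);
    for (int i = 0; i < 4; i++) d->state[i] = le32(SIGMA + 4 * i);
    d->seed = cb; d->seed_ctx = ctx; d->reseed_bytes = reseed_bytes;
    return drng_reseed(d);   /* the DRNG seeds itself at initialisation */
}

int drng_generate(drng_t *d, uint8_t *out, size_t len) {
    uint8_t blk[64];
    if (d->generated >= d->reseed_bytes && drng_reseed(d) != 0) return -1;
    while (len > 0) {
        size_t n = len < 64 ? len : 64;
        chacha20_block(d->state, blk);
        d->state[12]++;
        memcpy(out, blk, n);
        out += n; len -= n; d->generated += n;
    }
    /* Enhanced backward secrecy: after every request the key is replaced with
     * keystream that was never output, so a later state compromise cannot be
     * rolled back to recover earlier output. */
    chacha20_block(d->state, blk);
    for (int i = 0; i < 8; i++) d->state[4 + i] = le32(blk + 4 * i);
    d->state[12] = 0;
    secure_zero(blk, sizeof blk);
    return 0;
}

/* Known-answer test on the RFC 8439 section 2.3.2 block vector (key 00..1f,
 * nonce 00:00:00:09:00:00:00:4a:00:00:00:00, counter 1). Returns 1 on pass. */
int drng_selftest(void) {
    static const uint8_t expect[16] = {0x10,0xf1,0xe7,0xe4,0xd1,0x3b,0x59,0x15,
                                       0x50,0x0f,0xdd,0x1f,0xa3,0x20,0x71,0xc4};
    uint32_t st[16]; uint8_t out[64];
    for (int i = 0; i < 4; i++) st[i] = le32(SIGMA + 4 * i);
    for (int i = 0; i < 8; i++) st[4 + i] = 0x03020100u + 0x04040404u * (uint32_t)i;
    st[12] = 1; st[13] = 0x09000000u; st[14] = 0x4a000000u; st[15] = 0;
    chacha20_block(st, out);
    return memcmp(out, expect, sizeof expect) == 0;
}

/* Constructed, deterministic seed source for demonstration only; a real build
 * would read an entropy source (or a saved seed) here. */
int fixed_seed_cb(uint8_t *buf, size_t len, void *ctx) {
    uint8_t base = *(const uint8_t *)ctx;
    for (size_t i = 0; i < len; i++) buf[i] = (uint8_t)(base + i);
    return 0;
}

int main(void) {
    drng_t d; uint8_t out[16]; uint8_t seedbase = 1;
    printf("selftest: %s\n", drng_selftest() ? "ok" : "FAIL");
    if (drng_init(&d, fixed_seed_cb, &seedbase, 1u << 20) != 0) return 1;
    drng_generate(&d, out, sizeof out);
    for (size_t i = 0; i < sizeof out; i++) printf("%02x", out[i]);
    printf("\n");
    return 0;
}
```

Two points worth noting in the design: `drng_generate` refuses to hand out bytes when the seed callback fails, rather than silently continuing with the old key, and the key-replacement block at the end of each request is what makes a captured state useless for recovering output that was already produced.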