[Cryptography] OpenSSL CSPRNG work

Watson Ladd watsonbladd at gmail.com
Sun Jul 2 16:43:59 EDT 2017


On Jul 2, 2017 1:28 PM, "Ray Dillinger" <bear at sonic.net> wrote:



On 07/02/2017 01:36 AM, Florian Weimer wrote:
>> "Salz, Rich" <rsalz at akamai.com> writes:

> This implementation is unlikely to pass certification.  Some auditors
> do not allow the use of /dev/urandom to seed another generator.  I
> don't know yet if we can just pretend that our arc4random
> implementation is not cryptographically secure, and thereby game the
> auditing process.  I expect that anyone who uses actual cryptography
> uses a cryptographic library which comes with its own CSPRNG, so this
> shouldn't be a problem in practice as long as our arc4random provides
> an unpredictable stream of bits, even if it is not certified to do so.


Arc4random should not be mistaken for a CSPRNG.  It's a good PRNG, but
at this point there are enough attacks on it that it's not really good
enough for cryptography anymore.  So it should not be certified as
cryptographically secure - there is no "pretending" about it, and it is
not "gaming" the auditing process.

On the other hand, given some particular permutation of 256 elements,
its stream of output is entirely repeatable.  So it's fine as a PRNG for
repeatable sequences.


Backwards compatibility: it is really ChaCha.

                                Bear
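Added example, not part of the thread: Bear's two points in code, for the classic RC4-based arc4random. The keystream is a pure function of the 256-element permutation (so it is repeatable), and the Mantin-Shamir second-byte bias shows up in a few thousand trials where a CSPRNG would give a flat 1/256; the keys below are constructed.

```python
import os


def rc4_ksa(key: bytes) -> list:
    """Key scheduling: turn a key into a permutation of 0..255."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    return s


def rc4_keystream(perm: list, n: int) -> bytes:
    """PRGA: n keystream bytes from a copy of the permutation.
    Nothing else feeds in, so the same permutation always yields the same bytes."""
    s = list(perm)
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def is_repeatable(perm: list, n: int = 64) -> bool:
    """Bear's point: one permutation, one stream, every time."""
    return rc4_keystream(perm, n) == rc4_keystream(perm, n)


def second_byte_zero_rate(trials: int, key_len: int = 16) -> float:
    """Fraction of random keys whose second keystream byte is 0.
    Mantin-Shamir (2001): about 2/256 for RC4, versus 1/256 for an ideal CSPRNG.
    This distinguisher needs no key material, only output, which is why RC4
    output is not what you want behind a 'cryptographically secure' label."""
    zeros = 0
    for _ in range(trials):
        perm = rc4_ksa(os.urandom(key_len))  # constructed random key
        if rc4_keystream(perm, 2)[1] == 0:
            zeros += 1
    return zeros / trials


if __name__ == "__main__":
    print(rc4_keystream(rc4_ksa(b"Key"), 10).hex())   # standard test vector
    print(second_byte_zero_rate(20000))                 # roughly 0.0078, not 0.0039
```

OpenBSD's current arc4random keeps the name but generates output with ChaCha20 and reseeds from the kernel, so this bias does not apply there; the example illustrates only the original RC4 design the "certification" discussion is about.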




_______________________________________________
The cryptography mailing list
cryptography at metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography