[Cryptography] Announcing XSTREAM v0.1: misuse-resistant public-key cryptography combining X25519+HKDF+Miscreant

Tony Arcieri bascule at gmail.com
Mon Jan 8 14:31:24 EST 2018


On Mon, Jan 8, 2018 at 10:45 AM Kristian Gjøsteen <kristian.gjosteen at ntnu.no>
wrote:

> The claim is that it tolerates RNG failures, but that is obviously not
> true, since the KEM component does not tolerate RNG failures (e.g. an RNG
> with very low entropy).
RNGs can fail in more ways than a total entropy failure, such as CSPRNG
internal state being duplicated or rolled back, producing duplicated
ephemeral keys. This is exceedingly common with badly designed userspace
CSPRNGs (XSTREAM endeavors to always use the OS RNG, FWIW), and
catastrophic without MRAE.

-- 
Tony Arcieri
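The failure mode the reply above describes, duplicated ephemeral keys turning a nonce-based stream cipher into a two-time pad while an SIV-style MRAE scheme leaks only message equality, as an added illustration that is not XSTREAM's or the list's code. It assumes a constructed shared secret in place of an X25519 computation, uses HMAC-SHA-256 as a stand-in for HKDF's hash and for the cipher's PRF, and a simplified SIV construction in place of Miscreant's AES-SIV.

```python
import hashlib
import hmac

BLOCK = 32  # HMAC-SHA-256 output size, used as the PRF block

def hkdf_sha256(ikm: bytes, info: bytes, length: int) -> bytes:
    # HKDF (RFC 5869) with an empty salt: extract, then expand to `length` bytes.
    prk = hmac.new(b"\x00" * BLOCK, ikm, hashlib.sha256).digest()
    okm, t, i = b"", b"", 1
    while len(okm) < length:
        t = hmac.new(prk, t + info + bytes([i]), hashlib.sha256).digest()
        okm, i = okm + t, i + 1
    return okm[:length]

def keystream(key: bytes, iv: bytes, n: int) -> bytes:
    # CTR-style keystream; HMAC-SHA-256 stands in for the cipher's PRF.
    blocks = (n + BLOCK - 1) // BLOCK
    return b"".join(hmac.new(key, iv + c.to_bytes(4, "big"), hashlib.sha256).digest()
                    for c in range(blocks))[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_nonce_based(enc_key: bytes, pt: bytes) -> bytes:
    # Conventional stream encryption under a fixed nonce, as a design might do
    # when it assumes the ephemeral key (and hence enc_key) never repeats.
    return xor(pt, keystream(enc_key, b"\x00" * 16, len(pt)))

def encrypt_siv(mac_key: bytes, enc_key: bytes, pt: bytes, ad: bytes = b"") -> bytes:
    # SIV-style MRAE: the IV is a MAC over (ad, plaintext) and doubles as the tag,
    # so the keystream only repeats when the whole message repeats.
    iv = hmac.new(mac_key, len(ad).to_bytes(8, "big") + ad + pt, hashlib.sha256).digest()[:16]
    return iv + xor(pt, keystream(enc_key, iv, len(pt)))

def leakage_with_duplicated_ephemeral(p1: bytes, p2: bytes) -> dict:
    # Constructed scenario: a duplicated CSPRNG state yields the same X25519
    # ephemeral scalar, hence the same shared secret and the same HKDF-derived
    # keys for two different messages. X25519 itself is skipped here.
    shared_secret = b"constructed-shared-secret-from-duplicated-ephemeral"
    km = hkdf_sha256(shared_secret, b"xstream-example", 2 * BLOCK)
    mac_key, enc_key = km[:BLOCK], km[BLOCK:]
    c1, c2 = encrypt_nonce_based(enc_key, p1), encrypt_nonce_based(enc_key, p2)
    s1, s2 = encrypt_siv(mac_key, enc_key, p1), encrypt_siv(mac_key, enc_key, p2)
    return {
        "nonce_based_leaks_xor": xor(c1, c2) == xor(p1, p2),  # two-time pad
        "siv_leaks_xor": xor(s1[16:], s2[16:]) == xor(p1, p2),
        "siv_reveals_equality": s1 == s2,  # the only leak MRAE admits
    }
```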