[Cryptography] [RFC] random: add new pseudorandom number generator

Bill Stewart billstewart at pobox.com
Sun Oct 3 17:04:20 EDT 2021


On 10/2/2021 5:08 PM, Jon Callas wrote:
>> On Sep 16, 2021, at 20:18, Sandy Harris <sandyinchina at gmail.com> wrote:
>> I have a PRNG that I want to use within the Linux random(4) driver. It
>> looks remarkably strong to me, but analysis from others is needed.
> 
> A good block cipher in counter mode makes a pretty-okay PRNG. I say pretty-okay only because I would like my PRNG not to be invertible. Iterated hash functions are better. However, they are slower, and a property you want in a PRNG is that it's fast. I did a system PRNG that was intentionally faster than arc4random() and close to linear-congruential because then there's no excuse for not using it. A mildly evil person would replace both of those with a fast real PRNG. (Mildly evil because if some user knew the internals and was counting on it acting the way the internals specified, they might be disappointed.)

How much entropy do you get out of it, and how much key material went 
into it?
              Thanks
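As an added illustration of the two constructions Callas contrasts (this is example code written for this page, not code from the thread, from Sandy Harris's proposal, or from the Linux random(4) driver): a toy AES-128 counter-mode generator next to a toy iterated-hash generator, in Go. The key and seed bytes are constructed for the demo. RecoverCounter makes the invertibility objection concrete: holding the key, one output block decrypts straight back to the counter that produced it, so whoever obtains the key can regenerate every earlier output; the corresponding step against the hash generator would need a SHA-256 preimage. Neither generator is a production DRBG.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// CTRPRNG is a toy AES-128 counter-mode generator: output block i is
// AES_k(i). The key is the only entropy the generator ever holds, so the
// output stream carries at most 128 bits of it no matter how long it runs.
type CTRPRNG struct {
	block cipher.Block
	ctr   uint64
}

// NewCTRPRNG keys the generator; key must be 16, 24 or 32 bytes.
func NewCTRPRNG(key []byte) (*CTRPRNG, error) {
	b, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return &CTRPRNG{block: b}, nil
}

// NextBlock returns the next 16-byte output block and advances the counter.
// The counter sits in the low 8 bytes of the plaintext block.
func (p *CTRPRNG) NextBlock() []byte {
	var in [16]byte
	binary.BigEndian.PutUint64(in[8:], p.ctr)
	p.ctr++
	out := make([]byte, 16)
	p.block.Encrypt(out, in[:])
	return out
}

// RecoverCounter is the invertibility problem: anyone holding the key can run
// AES backwards on a single output block and read off the counter value that
// produced it, and from there recompute every earlier block.
func RecoverCounter(key, outBlock []byte) (uint64, error) {
	b, err := aes.NewCipher(key)
	if err != nil {
		return 0, err
	}
	in := make([]byte, 16)
	b.Decrypt(in, outBlock)
	return binary.BigEndian.Uint64(in[8:]), nil
}

// HashPRNG is a toy iterated-hash generator (the shape of a hash DRBG, not a
// standard one): output_i = H(state_i || 0x00), state_{i+1} = H(state_i || 0x01).
// Going from output_i back to state_i, or from state_{i+1} back to state_i,
// requires a SHA-256 preimage rather than a key.
type HashPRNG struct {
	state [32]byte
}

// NewHashPRNG derives the initial state from the seed material.
func NewHashPRNG(seed []byte) *HashPRNG {
	return &HashPRNG{state: sha256.Sum256(seed)}
}

// NextBlock returns a 32-byte output block and ratchets the state forward.
// h.state[:] has capacity 32, so each append allocates a fresh buffer.
func (h *HashPRNG) NextBlock() []byte {
	out := sha256.Sum256(append(h.state[:], 0x00))
	h.state = sha256.Sum256(append(h.state[:], 0x01))
	return out[:]
}

func main() {
	key := []byte("0123456789abcdef") // constructed demo key, not a real secret
	p, err := NewCTRPRNG(key)
	if err != nil {
		panic(err)
	}
	var third []byte
	for i := 0; i < 3; i++ {
		third = p.NextBlock()
	}
	ctr, _ := RecoverCounter(key, third)
	fmt.Printf("counter recovered from the third CTR output block: %d\n", ctr)

	h := NewHashPRNG([]byte("constructed demo seed"))
	fmt.Printf("first hash-PRNG block: %x\n", h.NextBlock())
}
```

The CTR generator is fast precisely because it is a keyed permutation of a counter, and that is also why it is invertible; the hash generator pays for one-wayness with an extra compression-function call per block. Both answer Stewart's question the same way: the output stream never contains more entropy than the key or seed that went in.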
