Date: Tue, 3 Jul 2018 16:18:37 +0200 From: Luca Barbato <lu_zero@...too.org> To: musl@...ts.openwall.com Subject: Re: arc4random/csprng On 02/07/2018 22:39, Rich Felker wrote: > I haven't followed what's been happening with posix_random lately, but > glibc has adding the arc4random interfaces and it seems reasonable > that we should too, with the easy option to add the posix_random name > for it and whatever interface details POSIX decides on. > > The glibc implementation looks like it's essentially CTR mode AES. > This is probably a pretty good choice, but unless there are strong > reasons not to I'd probably rather go with Hash-DRBG or HMAC-DRBG > utilizing the existing SHA-256 code we already have. That would avoid > the need to write or import any new cryptographic code (and the > associated risks) and keep the size cost minimal. This seems better > for forward-secrecy too, but I'd like to better understand the > conditions under which Hash-DRBG and HMAC-DRBG provide > forward-secrecy. >From what I read the various BSDs opted for ChaCha20, not sure which are the trade-offs for this choice thought. lu
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.