[147886] in cryptography@c2.net mail archive


Re: [Cryptography] /dev/random is not robust

daemon@ATHENA.MIT.EDU (Alex Elsayed)
Tue Oct 29 21:20:43 2013

X-Original-To: cryptography@metzdowd.com
To: cryptography@metzdowd.com
From: Alex Elsayed <eternaleye@gmail.com>
Date: Wed, 30 Oct 2013 00:08:24 +0000 (UTC)
X-Complaints-To: usenet@ger.gmane.org
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

Theodore Ts'o <tytso <at> mit.edu> writes:

<snip>
> I'll tell you right away that both Fortuna and
> Yarrow, which use crypto hashing in the entropy mixing step, is
> going to be a non-starter from a performance point of view.
<snip>

One thing I wonder is whether entropy collection could be separated from pool
mixing - if entropy collection went to a ring buffer or some other fast data
structure; on excess entropy we could potentially let it drop some or XOR
new samples over the old that would be 'dropped'.

Due to the round-robin nature of Fortuna's pool mixing, it could be
parallelized, possibly allowing high-throughput implementations of mixing
and low-latency implementations of submission. That could also help prevent
dropped entropy.



_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
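The design sketched in this post, written out as an added example (this is not code from the post, from Fortuna's reference description, or from the Linux kernel): raw samples go into a fixed-size ring where submission is a single short locked write, an over-full ring folds the new sample into the oldest unread slot by XOR instead of dropping it, and a separate Fortuna-style mixer drains the ring, assigns samples to 32 SHA-256 pools round-robin, and updates the pools in parallel because each pool's hash state is independent. The class and function names (SampleRing, FortunaAccumulator, serial_reference, demo) and the constructed 8-byte counter samples are assumptions; Fortuna proper also prefixes each sample with its source number and length before hashing, which is omitted here.

```python
import hashlib
import threading
from concurrent.futures import ThreadPoolExecutor

NUM_POOLS = 32  # Fortuna's pool count


class SampleRing:
    """Fixed-capacity ring of raw entropy samples (assumed design).

    submit() is the fast, low-latency path: one index bump under a short
    lock. When the ring is full, the new sample is XORed over the oldest
    unread slot rather than being discarded, so nothing is simply lost
    while the mixer is lagging.
    """

    def __init__(self, capacity, sample_len):
        self.capacity = capacity
        self.sample_len = sample_len
        self.slots = [bytes(sample_len) for _ in range(capacity)]
        self.head = 0     # index of the oldest unread slot
        self.count = 0    # number of unread slots
        self.folded = 0   # samples XOR-folded because the ring was full
        self.lock = threading.Lock()

    def submit(self, sample):
        if len(sample) != self.sample_len:
            raise ValueError("sample length mismatch")
        with self.lock:
            if self.count < self.capacity:
                idx = (self.head + self.count) % self.capacity
                self.slots[idx] = sample
                self.count += 1
            else:
                # Full: fold into the slot that would otherwise be overwritten.
                idx = self.head
                old = self.slots[idx]
                self.slots[idx] = bytes(a ^ b for a, b in zip(old, sample))
                self.folded += 1

    def drain(self):
        """Remove and return all unread samples in submission order."""
        with self.lock:
            out = [self.slots[(self.head + i) % self.capacity]
                   for i in range(self.count)]
            self.head = (self.head + self.count) % self.capacity
            self.count = 0
            return out


class FortunaAccumulator:
    """Round-robin pool accumulator with parallel pool updates (assumed design)."""

    def __init__(self, ring, workers=4):
        self.ring = ring
        self.workers = workers
        self.pools = [hashlib.sha256() for _ in range(NUM_POOLS)]
        self.next_pool = 0

    def mix(self):
        """Drain the ring and hash each sample into its round-robin pool."""
        samples = self.ring.drain()
        batches = [[] for _ in range(NUM_POOLS)]
        for s in samples:
            batches[self.next_pool].append(s)
            self.next_pool = (self.next_pool + 1) % NUM_POOLS

        def update(i):
            # Order within a pool is preserved; pools never share state,
            # so updating them concurrently changes nothing in the result.
            for s in batches[i]:
                self.pools[i].update(s)

        with ThreadPoolExecutor(max_workers=self.workers) as ex:
            list(ex.map(update, range(NUM_POOLS)))  # surfaces any exception
        return len(samples)

    def pool_digests(self):
        return [p.copy().digest() for p in self.pools]


def serial_reference(samples, n_pools=NUM_POOLS):
    """Straight-line round-robin hashing, used to check the parallel mixer."""
    pools = [hashlib.sha256() for _ in range(n_pools)]
    for i, s in enumerate(samples):
        pools[i % n_pools].update(s)
    return [p.digest() for p in pools]


def demo():
    """Submit 200 constructed samples, mixing every 50; report fold count
    and whether the parallel mixer matches the serial reference."""
    ring = SampleRing(capacity=64, sample_len=8)
    acc = FortunaAccumulator(ring)
    samples = [i.to_bytes(8, "big") for i in range(200)]  # constructed stand-ins
    for i, s in enumerate(samples):
        ring.submit(s)
        if i % 50 == 49:
            acc.mix()
    return ring.folded, acc.pool_digests() == serial_reference(samples)


if __name__ == "__main__":
    print(demo())
```

Two properties matter here: the result of the parallel mixer is identical to the serial one because parallelism is only across pools, never within one, and a mixer that falls behind degrades to XOR-folding rather than discarding, which is visible in the ring's folded counter.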
