[148440] in cryptography@c2.net mail archive


Re: [Cryptography] Fwd: [IP] 'We cannot trust' Intel and Via's

daemon@ATHENA.MIT.EDU (Nico Williams)
Fri Dec 13 15:38:00 2013

X-Original-To: cryptography@metzdowd.com
Date: Fri, 13 Dec 2013 13:02:27 -0600
From: Nico Williams <nico@cryptonector.com>
To: John Kelsey <crypto.jmk@gmail.com>
In-Reply-To: <86CC5021-CF61-4F42-83F3-C7CBC741C414@gmail.com>
Cc: Charles Jackson <clj@jacksons.net>,
	"cryptography@metzdowd.com" <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

On Fri, Dec 13, 2013 at 01:24:21PM -0500, John Kelsey wrote:
> Why not just XOR RD_RAND outputs with Yarrow outputs?  That guarantees
> strong results if either one is good.

Yes, to reprise the /dev/*random robustness thread, we need as many
inputs to the CSPRNG as possible.  Heck, even a constant seed and a seed
saved from the previous boot.  As long as the PRNG is cryptographically
secure and at least one source of boot-time (and subsequent) entropy is
predictable by would-be attackers, this should be good enough.
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
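An added illustration, not part of Williams' or Kelsey's messages, of the two ideas in this exchange: hash-mixing every available seed (constant, saved from last boot, boot-time entropy) into one CSPRNG seed, and XORing a hardware generator's output with a software CSPRNG's output. The names combine_seeds, HmacPrng, xor_bytes and combined_random are this example's own, not any OS or library API, and the inputs are constructed stand-ins rather than real RD_RAND or Yarrow output:

```python
import hashlib
import hmac

# Added illustration (not from the thread): combine several entropy inputs into
# one CSPRNG seed, and XOR two independent generator outputs as the reply
# suggests.  All names below are this example's own, not any OS API.


def combine_seeds(sources):
    """Hash-combine a list of byte strings into one 32-byte seed.

    Each input is length-prefixed so that different source lists cannot
    collide ([b"ab", b"c"] vs [b"a", b"bc"]).  Because SHA-256 is one-way, an
    attacker who knows every input except one still cannot predict the seed
    if that one input is unpredictable, so a constant seed or a stale seed
    file can only add to the pool, never weaken it.
    """
    h = hashlib.sha256()
    for src in sources:
        h.update(len(src).to_bytes(4, "big"))
        h.update(src)
    return h.digest()


class HmacPrng:
    """Minimal HMAC-SHA256 counter-mode generator standing in for a software
    CSPRNG such as Yarrow.  Illustration only, not a vetted DRBG design."""

    def __init__(self, seed):
        self.key = hashlib.sha256(seed).digest()
        self.counter = 0

    def generate(self, n):
        out = bytearray()
        while len(out) < n:
            msg = self.counter.to_bytes(8, "big")
            out += hmac.new(self.key, msg, hashlib.sha256).digest()
            self.counter += 1
        return bytes(out[:n])


def xor_bytes(a, b):
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def combined_random(hw_output, sw_prng, n):
    """Return n bytes of hardware output XORed with n bytes from sw_prng.

    If either stream is uniformly random and independent of the other, the
    XOR is uniformly random; that is the property the XOR suggestion relies on.
    """
    if len(hw_output) != n:
        raise ValueError("hardware output must supply exactly n bytes")
    return xor_bytes(hw_output, sw_prng.generate(n))


def demo():
    """Seed a software generator from several inputs, then XOR its output with
    a hardware-style stream.  Inputs here are constructed sample values."""
    constant_seed = b"build-time-constant-seed"
    saved_seed = bytes(range(32))        # stands in for the seed saved at last boot
    boot_entropy = b"\x5a" * 32          # stands in for boot-time entropy
    seed = combine_seeds([constant_seed, saved_seed, boot_entropy])

    yarrow_like = HmacPrng(seed)
    rdrand_like = b"\xa5" * 16           # stands in for 16 bytes of RD_RAND output
    return combined_random(rdrand_like, yarrow_like, 16)


if __name__ == "__main__":
    print(demo().hex())
```

The XOR step only inherits the stronger source's quality when the two streams are independent of each other; feeding the hardware output into the hashed seed pool, as combine_seeds does with its other inputs, gives the same "good if any one input is good" guarantee without having to assume that independence.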
