[148441] in cryptography@c2.net mail archive


Re: [Cryptography] Fwd: [IP] 'We cannot trust' Intel and Via's

daemon@ATHENA.MIT.EDU (Donald Eastlake)
Fri Dec 13 15:38:45 2013

X-Original-To: cryptography@metzdowd.com
In-Reply-To: <86CC5021-CF61-4F42-83F3-C7CBC741C414@gmail.com>
From: Donald Eastlake <d3e3e3@gmail.com>
Date: Fri, 13 Dec 2013 14:10:46 -0500
To: John Kelsey <crypto.jmk@gmail.com>
Cc: Charles Jackson <clj@jacksons.net>,
	"cryptography@metzdowd.com" <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

On Fri, Dec 13, 2013 at 1:24 PM, John Kelsey <crypto.jmk@gmail.com> wrote:
> Why not just XOR RD_RAND outputs with Yarrow outputs?  That guarantees strong results if either one is good.

Just XORing does not do as good a job of preserving the entropy in the
two inputs as a good hash function. For example, assume both are
strong in the same subfield. You could throw away half of the
potentially available entropy with XOR. But XOR has the virtue of
simplicity and so lower probability of implementation error. It is a
trade-off. And, of course, if one of the inputs has zero entropy, then
XOR is fine.

Thanks,
Donald
=============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 155 Beaver Street, Milford, MA 01757 USA
 d3e3e3@gmail.com

> --John
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
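An added illustration of the entropy-preservation point made above (example code written for this page, not from the thread or from any of the generators it discusses): two constructed 8-bit sources that are both "strong in the same subfield" (uniform on the low nibble only) are combined by XOR and by a hash, and the Shannon entropy of each combined output is measured by enumerating all equally likely input pairs. SHA-256 truncated to one byte stands in for "a good hash function"; the sources themselves are hypothetical.

```python
import hashlib
import math
from collections import Counter


def shannon_entropy_bits(samples):
    """Shannon entropy, in bits, of the empirical distribution of `samples`."""
    counts = Counter(samples)
    total = len(samples)
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def combine_xor(a, b):
    """Combine two one-byte outputs by XOR."""
    return a ^ b


def combine_hash(a, b):
    """Combine by hashing the concatenation; the digest is truncated to one
    byte so the result is directly comparable with the XOR combiner."""
    return hashlib.sha256(bytes([a, b])).digest()[0]


def combined_outputs(source_a, source_b, combine):
    """Enumerate every equally likely (a, b) pair and return the combined values."""
    return [combine(a, b) for a in source_a for b in source_b]


# Constructed sources (hypothetical, not measurements of any real generator):
#   LOW_NIBBLE: an 8-bit output whose entropy lives only in the low nibble
#               (uniform over 16 values, high nibble always 0); two such sources
#               are "strong in the same subfield" and carry 8 bits together.
#   FULL_BYTE:  a source uniform over all 256 byte values.
#   DEAD:       a source with zero entropy (always the same byte).
LOW_NIBBLE = list(range(16))
FULL_BYTE = list(range(256))
DEAD = [0x5A]


def entropy_xor_same_subfield():
    # XOR of two low-nibble values stays inside the low nibble, so only
    # 4 of the 8 available bits survive: half the entropy is thrown away.
    return shannon_entropy_bits(combined_outputs(LOW_NIBBLE, LOW_NIBBLE, combine_xor))


def entropy_hash_same_subfield():
    # Hashing spreads the 256 distinct input pairs across the whole byte.
    return shannon_entropy_bits(combined_outputs(LOW_NIBBLE, LOW_NIBBLE, combine_hash))


def entropy_xor_one_dead_input():
    # XOR with a constant is a bijection: the good source's 8 bits pass through intact.
    return shannon_entropy_bits(combined_outputs(FULL_BYTE, DEAD, combine_xor))
```

The hash result is below 8 bits only because a one-byte truncation of 256 inputs necessarily collides; it is still far above the 4 bits XOR leaves.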
