Re: strengthening /dev/urandom
From: Tom St Denis (tomstdenis_at_iahu.ca)
Date: 08/20/04
- Next message: Paul Rubin: "Re: strengthening /dev/urandom"
- Previous message: David Wagner: "Re: strengthening /dev/urandom"
- In reply to: David Wagner: "Re: strengthening /dev/urandom"
- Next in thread: Paul Rubin: "Re: strengthening /dev/urandom"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 19 Aug 2004 22:41:25 GMT
David Wagner wrote:
> Paul Rubin wrote:
>>I spent a couple minutes googling and didn't find any precise
>>descriptions of Fortuna, aside from references to Practical
>>Cryptography.
>
> Unfortunately, I'm not aware of any precise online descriptions, either.
>
> It's a really cute idea. From memory (and I'm sure I'll get some details
> wrong, because I don't have the book with me): You have a bunch of pools,
> ordered from left to right. Start with your finger pointing at the left
> (1st) pool. When you get an entropy sample from some source, mix it
> into the pool your finger is pointing at, and move your finger right
> one pool (wrapping around if necessary). When the application wants a
> bit of output, generate it from the 1st pool. Every so often, generate
> 160 bits of output from the 2nd pool and mix it into the 1st pool.
> Half as often, generate 160 bits of output from the 3rd pool and mix
> it into the 2nd pool. One-fourth as often, generate 160 bits of output
> from the 4th pool and mix it into the 3rd pool. You get the idea.
That's sorta it. When you reseed you use the pools to form the key [for
AES] as
K = HASH(K || HASH(p0) || HASH(p1) || ...)
You use pool i if the reseed count is divisible by 2^i. So you always use
pool 0, you use pool 1 every second reseed, etc...
It defaults to using SHA-256 as the hash and AES-256 as the cipher in CTR
mode.
Tom
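The accumulator and reseed rule described in the thread, as an added worked example (not code from the post, from Fortuna's authors, or from any library). It assumes the standard 32 pools and uses SHA-256 for HASH exactly as the formula K = HASH(K || HASH(p0) || HASH(p1) || ...) states; for the output stage it substitutes SHA-256(K || counter) for AES-256-CTR so it runs with only the standard library, and it omits the "pool 0 has enough bytes" reseed trigger, calling reseed() explicitly instead.

```python
import hashlib
from typing import List

NUM_POOLS = 32          # Fortuna's standard pool count (assumption: not stated in the post)
BLOCK = 32              # SHA-256 digest size; stands in for the cipher block here


def _h(*parts: bytes) -> bytes:
    """SHA-256 over the concatenation of parts (the HASH of the post)."""
    h = hashlib.sha256()
    for p in parts:
        h.update(p)
    return h.digest()


def pools_for_reseed(reseed_count: int, num_pools: int = NUM_POOLS) -> List[int]:
    """Pool i joins reseed number r exactly when r is divisible by 2**i: pool 0 every
    time, pool 1 every second reseed, pool 2 every fourth, and so on."""
    return [i for i in range(num_pools) if reseed_count % (1 << i) == 0]


class FortunaSketch:
    def __init__(self) -> None:
        self.pools = [bytearray() for _ in range(NUM_POOLS)]
        self.finger = 0              # pool the next entropy sample goes into
        self.reseed_count = 0
        self.key = bytes(BLOCK)      # all-zero key until the first reseed
        self.counter = 0
        self.seeded = False

    def add_entropy(self, source: int, sample: bytes) -> int:
        """Mix a sample into the pool under the finger, then move the finger one
        pool to the right, wrapping around. Returns the pool index used."""
        idx = self.finger
        # source id and length prefix so pool contents parse unambiguously
        self.pools[idx] += bytes([source & 0xFF, len(sample) & 0xFF]) + sample
        self.finger = (idx + 1) % NUM_POOLS
        return idx

    def reseed(self) -> List[int]:
        """K = HASH(K || HASH(p_i) || ...) over the pools chosen for this reseed count.
        Used pools are emptied so the same entropy is never counted twice."""
        self.reseed_count += 1
        used = pools_for_reseed(self.reseed_count)
        digests = [_h(bytes(self.pools[i])) for i in used]
        self.key = _h(self.key, *digests)
        for i in used:
            self.pools[i] = bytearray()
        self.counter = 0
        self.seeded = True
        return used

    def random_bytes(self, n: int) -> bytes:
        """Counter-mode output; SHA-256(K || counter) is a stand-in for AES-256-CTR."""
        if not self.seeded:
            raise RuntimeError("generator not yet seeded: call reseed() first")
        out = bytearray()
        while len(out) < n:
            out += _h(self.key, self.counter.to_bytes(16, "big"))
            self.counter += 1
        # rekey after every request so a later compromise of K does not reveal
        # output that was already handed out
        self.key = _h(self.key, self.counter.to_bytes(16, "big"))
        self.counter += 1
        return bytes(out[:n])


def demo() -> dict:
    """Drive the sketch with constructed entropy events and report what happened."""
    g = FortunaSketch()
    # constructed 'entropy': 34 dummy events, enough for the finger to wrap past pool 31
    placements = [g.add_entropy(1, bytes([i])) for i in range(34)]
    used_first = g.reseed()       # reseed 1: pool 0 only
    used_second = g.reseed()      # reseed 2: pools 0 and 1
    out1 = g.random_bytes(48)
    out2 = g.random_bytes(48)
    return {
        "placements_tail": placements[-3:],
        "used_first": used_first,
        "used_second": used_second,
        "out_len": len(out1),
        "outputs_differ": out1 != out2,
    }


if __name__ == "__main__":
    print(demo())
```

The pool selection is the part worth tracing by hand: reseed 8 draws on pools 0 to 3, reseed 12 only on 0 to 2, so higher pools accumulate entropy for exponentially longer before they are ever drained, which is what lets the design recover from a state compromise even when an attacker can see or influence most of the sources.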