True RNG and GnuPG / libgcrypt
Werner Koch
wk at gnupg.org
Thu Dec 19 11:35:38 CET 2013
On Thu, 3 Oct 2013 13:55, ekleog at gmail.com said:

> So I believe implementing a fortuna "generator" in GnuPG is not the most urgent
> improvement to be made -- though I know nothing of GnuPG's current most-wanted
> improvements.

GnuPG and Libgcrypt use an RNG architecture described many years ago by
Peter Gutmann and also used in his very good Cryptlib. Actually Peter
and his co-hackers have been so kind as to re-license their code so that we
could make use of the Windows and bare Unix entropy gatherers.

This random number generator is modelled after the one described in
Peter Gutmann's 1998 Usenix Security Symposium paper: "Software
Generation of Practically Strong Random Numbers". See also chapter
6 in his book "Cryptographic Security Architecture", New York,
2004, ISBN 0-387-95387-6.

Note that the acronym CSPRNG stands for "Continuously Seeded
PseudoRandom Number Generator" as used in Peter's implementation of
the paper and not only for "Cryptographically Secure PseudoRandom
Number Generator".

Yarrow and Fortuna are different and simpler designs than this highly
conservative CSPRNG.

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
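The post above hinges on the word "continuously" in Gutmann's CSPRNG: the pool keeps absorbing gatherer samples between outputs instead of being seeded once. The Python below is an added illustration written for this page, not libgcrypt's, GnuPG's or Cryptlib's code and not Gutmann's exact algorithm. It models a fixed-size pool that is re-hashed whenever a sample arrives, refuses to emit output before a minimum entropy estimate, and shows the defensive property continuous seeding buys: a copy of the pool state predicts output only until the next fresh sample is mixed in. The class and function names, the pool size, the seed threshold, the "gatherer" stand-in and the sample inputs are all assumptions made for the demo.

```python
import hashlib
import os
import time
from typing import Optional, Tuple


class ContinuouslySeededPool:
    """Toy model of a continuously seeded pool RNG (an illustration written for
    this page, not libgcrypt's or Cryptlib's code). The whole pool is rewritten
    with SHA-256 whenever a gatherer delivers data; output is derived by hashing
    the pool with a counter, and the pool is stirred afterwards so it never
    stands still between seedings."""

    POOL_SIZE = 64        # bytes; assumed value for the demo
    MIN_SEED_BITS = 128   # assumed threshold before any output is allowed

    def __init__(self, pool: Optional[bytes] = None):
        self.pool = bytearray(pool) if pool is not None else bytearray(self.POOL_SIZE)
        self.counter = 0
        self.entropy_bits = 0   # caller-supplied running estimate of absorbed entropy

    def _stir(self, data: bytes) -> None:
        # Rewrite the pool as SHA-256 blocks over (old pool || data || block index).
        digest_len = hashlib.sha256().digest_size
        new_pool = bytearray()
        for block in range(0, self.POOL_SIZE, digest_len):
            h = hashlib.sha256()
            h.update(bytes(self.pool))
            h.update(data)
            h.update(block.to_bytes(4, "big"))
            new_pool += h.digest()
        self.pool = new_pool[: self.POOL_SIZE]

    def add_entropy(self, sample: bytes, estimated_bits: int) -> None:
        """Mix a gatherer sample in. The entropy estimate is the gatherer's
        responsibility; the pool only keeps the running total."""
        self._stir(sample)
        self.entropy_bits += estimated_bits

    def is_seeded(self) -> bool:
        return self.entropy_bits >= self.MIN_SEED_BITS

    def random_bytes(self, n: int) -> bytes:
        if not self.is_seeded():
            raise RuntimeError("pool not sufficiently seeded")
        out = bytearray()
        while len(out) < n:
            h = hashlib.sha256()
            h.update(bytes(self.pool))
            h.update(self.counter.to_bytes(8, "big"))
            self.counter += 1
            out += h.digest()
        # Stir after every output so the state moves on even if no gatherer runs.
        self._stir(b"output-feedback")
        return bytes(out[:n])


def gather_os_sample() -> bytes:
    """Stand-in for a platform entropy gatherer: OS randomness plus a clock
    reading. Real gatherers poll many system sources; this is a placeholder."""
    return os.urandom(32) + time.time_ns().to_bytes(8, "big")


def state_copy_diverges_after_reseed() -> Tuple[bool, bool]:
    """Property check: a copy of the pool state predicts output only until the
    next gatherer sample is mixed in. Returns
    (copy_matched_before_reseed, copy_matched_after_reseed)."""
    rng = ContinuouslySeededPool()
    rng.add_entropy(b"constructed initial seed material", 128)   # constructed sample
    copied = ContinuouslySeededPool(bytes(rng.pool))              # snapshot of the state
    copied.entropy_bits = rng.entropy_bits
    before = rng.random_bytes(16) == copied.random_bytes(16)
    rng.add_entropy(gather_os_sample(), 256)                      # the gatherer runs again
    after = rng.random_bytes(16) == copied.random_bytes(16)
    return before, after


if __name__ == "__main__":
    print(state_copy_diverges_after_reseed())   # (True, False)
```

The point of the check is the second value: once a fresh sample has been stirred in, the snapshot no longer tracks the live pool, which is exactly what a design that seeds only once at start-up cannot offer. The seed threshold models the other conservative habit the post alludes to, namely not emitting output until the gatherers have delivered enough.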