[noise] Post-Quantum Noise with New Hope
Peter Schwabe
peter at cryptojedi.org
Fri Jul 15 08:25:59 PDT 2016
Watson Ladd <watsonbladd at gmail.com> wrote:
Hi Watson,
> > Yeah, that's really embarrassing. We'll have new software online in a
> > few days that is faster and also fixes this issue.
>
> Is it? If your system RNG is broken, you need a better system.
It's a defensive measure to not send the output of the system's RNG over
the network. Imagine you're using Dual_EC_DRBG (which obviously you
shouldn't). If you send output of this RNG *once*, an attacker learns
all future output and breaks all of your crypto. Hashing the output of
the RNG before sending it costs almost nothing and prevents this attack.
Cheers,
Peter