[Cryptography Team] configurable random number generator

Chris Muller asqueaker at gmail.com
Sat Aug 22 01:30:59 UTC 2020


After some further testing, I discovered that SecureRandom is about 9X
faster than Fortuna, and that some cases may prefer that speed over
security.  For example, Ron's clever KeyHolder.  It does something
every 100ms, so perhaps best not to hinder performance there.

Asymmetric key-generation, however, is something that's already
expensive, and very important to maximize security.  Therefore, I've
coded those to utilize Fortuna.

The ones which could be an either/or decision can be left as:

  RandomGenerator picker

which can be set to Fortuna or SecureRandom, but with the default no
longer Fortuna, but SecureRandom.

I didn't update the two in DSA key generators, though, because it
looks like they're doing some stuff based on 160-bit math, and also
maybe have a bug.  Would you or someone mind taking a peek at:

  DSAKeyPairGenerator>>#generate1024bitKeySet
and DSAKeyPairGenerator>>#generateKeySet

These two methods are nearly identical, including what looks like a
bug near the bottom, where it says:

    x := self nextRandom160.

I imagine that's supposed to read:

    x := random nextRandom160.

RandomGenerator doesn't have #nextRandom160; although we could add it,
it seems like we should phase it out in favour of nextBits: 160.

What do you think?

 - Chris

PS -- the remaining changes are committed to the Cryptography
repository; review is very welcome if you have time.



On Fri, Aug 21, 2020 at 5:42 AM Robert Withers <robert.withers at pm.me> wrote:
>
> +1 Sounds great to me, Chris! Great to see traffic! It looks like a
> change to Diffie Hellman and the RSA/DSA Keys, as far as ParrotTalk is
> concerned.
>
> K, r
>
> On 8/21/20 1:01 AM, Chris Muller wrote:
> > Hi all, I would like to make Fortuna the default secure random number
> > generator in Squeak.  I like using it because its implementation is so
> > simple and utilizes another crypto primitive which I trust, a 256-bit
> > AES cipher in counter (CTR) mode to generate the random stream.
> >
> > If it interests you, please take a look at
> > CryptographyRandom-cmm.14.mcz, and let me know your thoughts.  I'll
> > plan on committing the remaining senders in a few days.
> >
> >   - Chris
> > _________________________________
> > Name: CryptographyRandom-cmm.14
> > Author: cmm
> > Time: 20 August 2020, 11:45:55.957918 pm
> > UUID: 8fa45a8b-cbb5-43be-8367-adcf78503be2
> > Ancestors: CryptographyRandom-ul.13
> >
> > - Introduce RandomGenerator class>>#newSecureRandom to allow
> > configuration of a preferred secure random number generator.  To set
> > this to SecureRandom, execute:
> >
> > RandomGenerator picker: SecureRandom withGeneratedKey
> >
> > otherwise, it will default to the Fortuna generator.  Fortuna relies
> > on 128-bit AES for its security, reducing security-sapping complexity.
> > - Re-bolster #unpredictableStringsDo:.  Chasing Pharo compatibility
> > resulted in a too-significant cut to its security, with only time
> > elements in there (which appear relatively easily brute-forceable).  It
> > utilizes the new primitive Random gatherEntropyInto: in combination
> > with some of its original sources, in case the primitive fails or is
> > compromised.
> > _______________________________________________
> > Cryptography mailing list
> > Cryptography at lists.squeakfoundation.org
> > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
>

