Hi all, I would like to make Fortuna the default secure random number
generator in Squeak. I like using it because its implementation is so
simple and utilizes another crypto primitive which I trust, a 256-bit
AES cipher in counter (CTR) mode to generate the random stream.
If it interests you, please take a look at
CryptographyRandom-cmm.14.mcz, and let me know your thoughts. I'll
plan on committing the remaining senders in a few days.
- Chris
_________________________________
Name: CryptographyRandom-cmm.14
Author: cmm
Time: 20 August 2020, 11:45:55.957918 pm
UUID: 8fa45a8b-cbb5-43be-8367-adcf78503be2
Ancestors: CryptographyRandom-ul.13
- Introduce RandomGenerator class>>#newSecureRandom to allow
configuration of a preferred secure random number generator. To set
this to SecureRandom, execute:
RandomGenerator picker: SecureRandom withGeneratedKey
otherwise, it will default to the Fortuna generator. Fortuna relies
on 128-bit AES for its security, reducing security-sapping complexity.
- Re-bolster #unpredictableStringsDo:. Chasing Pharo compatibility
resulted in a too-significant cut to its security, with only time
elements in there (which appear relatively easily brute-forcable). It
utilizes the new primitive Random gatherEntropyInto: in combination
with some of its original sources, in case the primitive fails or is
compromised.