After some further testing, I discovered that SecureRandom is about 9X faster than Fortuna, and that some cases may prefer that speed over security. For example, Ron's clever KeyHolder. It does something every 100ms, so perhaps best not to hinder performance there.
Asymmetric key-generation, however, is something that's already expensive, and very important to maximize security. Therefore, I've coded those to utilize Fortuna.
The ones which could be an either/or decision can be left as:
RandomGenerator picker
which can be set to Fortuna or SecureRandom, but with the default no longer Fortuna, but SecureRandom.
I didn't update the two in DSA key generators, though, because it looks like they're doing some stuff based on 160-bit math, and also maybe have a bug. Would you or someone mind taking a peek at:
DSAKeyPairGenerator>>#generate1024bitKeySet and DSAKeyPairGenerator>>#generateKeySet
These two methods are nearly identical, including what looks like a bug near the bottom, where it says:
x := self nextRandom160.
I imagine that's supposed to read:
x := random nextRandom160.
RandomGenerator doesn't have #nextRandom160. Although we could add it, it seems like we should phase it out for nextBits: 160.
What do you think?
- Chris
PS -- the remaining changes are committed to the Cryptography repository, review is very welcome if you have time.
On Fri, Aug 21, 2020 at 5:42 AM Robert Withers robert.withers@pm.me wrote:
+1 Sounds great to me, Chris! Great to see traffic! It looks like a change to Diffie Hellman and the RSA/DSA Keys, as far as ParrotTalk is concerned.
K, r
On 8/21/20 1:01 AM, Chris Muller wrote:
Hi all, I would like to make Fortuna the default secure random number generator in Squeak. I like using it because its implementation is so simple and utilizes another crypto primitive which I trust, a 256-bit AES cipher in counter (CTR) mode to generate the random stream.
If it interests you, please take a look at CryptographyRandom-cmm.14.mcz, and let me know your thoughts. I'll plan on committing the remaining senders in a few days.
- Chris
Name: CryptographyRandom-cmm.14
Author: cmm
Time: 20 August 2020, 11:45:55.957918 pm
UUID: 8fa45a8b-cbb5-43be-8367-adcf78503be2
Ancestors: CryptographyRandom-ul.13
- Introduce RandomGenerator class>>#newSecureRandom to allow configuration of a preferred secure random number generator. To set this to SecureRandom, execute:
RandomGenerator picker: SecureRandom withGeneratedKey
otherwise, it will default to the Fortuna generator. Fortuna relies on 128-bit AES for its security, reducing security-sapping complexity.
- Re-bolster #unpredictableStringsDo:. Chasing Pharo compatibility resulted in a too-significant cut to its security, with only time elements in there (which appear relatively easily brute-forceable). It utilizes the new primitive Random gatherEntropyInto: in combination with some of its original sources, in case the primitive fails or is compromised.