[Cryptography Team] configurable random number generator

Robert Withers robert.withers at pm.me
Sun Aug 23 18:44:41 UTC 2020


Hi

On 8/21/20 9:30 PM, Chris Muller wrote:
> I didn't update the two in DSA key generators, though, because it
> looks like they're doing some stuff based on 160-bit math, and also
> maybe have a bug.  Would you or someone mind taking a peek at:
>
>    DSAKeyPairGenerator>>#generate1024bitKeySet
> and DSAKeyPairGenerator>>#generateKeySet
>
> These two methods are nearly identical, including what looks like a
> bug near the bottom, where it says:
>
>      x := self nextRandom160.
>
> I imagine that's supposed to read:
>
>      x := random nextRandom160.


Yes, please include that change, so it will work! ;)

> RandomGenerator doesn't have #nextRandom160, although we could add it,
> it seems like we should phase it out for nextBits: 160.

It seems nextBits: calls nextRandom160 to gain key material. Whatever 
you think is best, Chris.

K, r

>
> What do you think?
>
>   - Chris
>
> PS -- the remaining changes are committed to the Cryptography
> repository, review is very welcome if you have time.

I will make the time. I am in super-lazy mode, atm. Watching Star Trek 
Discovery.

>
>
>
> On Fri, Aug 21, 2020 at 5:42 AM Robert Withers <robert.withers at pm.me> wrote:
>> +1 Sounds great to me, Chris! Great to see traffic! It looks like a
>> change to Diffie Hellman and the RSA/DSA Keys, as far as ParrotTalk is
>> concerned.
>>
>> K, r
>>
>> On 8/21/20 1:01 AM, Chris Muller wrote:
>>> Hi all, I would like to make Fortuna the default secure random number
>>> generator in Squeak.  I like using it because its implementation is so
>>> simple and utilizes another crypto primitive which I trust, a 256-bit
>>> AES cipher in counter (CTR) mode to generate the random stream.
>>>
>>> If it interests you, please take a look at
>>> CryptographyRandom-cmm.14.mcz, and let me know your thoughts.  I'll
>>> plan on committing the remaining senders in a few days.
>>>
>>>    - Chris
>>> _________________________________
>>> Name: CryptographyRandom-cmm.14
>>> Author: cmm
>>> Time: 20 August 2020, 11:45:55.957918 pm
>>> UUID: 8fa45a8b-cbb5-43be-8367-adcf78503be2
>>> Ancestors: CryptographyRandom-ul.13
>>>
>>> - Introduce RandomGenerator class>>#newSecureRandom to allow
>>> configuration of a preferred secure random number generator.  To set
>>> this to SecureRandom, execute:
>>>
>>> RandomGenerator picker: SecureRandom withGeneratedKey
>>>
>>> otherwise, it will default to the Fortuna generator.  Fortuna relies
>>> on 128-bit AES for its security, reducing security-sapping complexity.
>>> - Re-bolster #unpredictableStringsDo:.  Chasing Pharo compatibility
>>> resulted in a too-significant cut to its security, with only time
>>> elements in there (which appear relatively easily brute-forceable).  It
>>> utilizes the new primitive Random gatherEntropyInto: in combination
>>> with some of its original sources, in case the primitive fails or is
>>> compromised.
>>> _______________________________________________
>>> Cryptography mailing list
>>> Cryptography at lists.squeakfoundation.org
>>> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

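An added illustration, not part of the thread and not the Squeak Cryptography package's code: a Python sketch of the two ideas discussed above, a single configurable point for choosing the secure generator and a DSA private value drawn from that generator with `next_bits` rather than a fixed 160-bit helper. All class and function names are hypothetical, the range check by rejection goes beyond what the thread states, `CounterHashRandom` is a deterministic test stand-in (not Fortuna), and `Q` is the secp160r1 field prime used only as a sample 160-bit modulus.

```python
import hashlib
import secrets

class OSRandom:
    """Generator backed by the operating system CSPRNG."""
    def next_bits(self, n):
        return secrets.randbits(n)

class CounterHashRandom:
    """SHA-256 over seed||counter. Deterministic stand-in for tests, NOT Fortuna."""
    def __init__(self, seed):
        self.seed, self.counter = seed, 0

    def next_bits(self, n):
        out = b""
        while len(out) * 8 < n:
            block = self.seed + self.counter.to_bytes(8, "big")
            out += hashlib.sha256(block).digest()
            self.counter += 1
        # Keep the top n bits so the result is always below 2**n.
        return int.from_bytes(out, "big") >> (len(out) * 8 - n)

class RandomPicker:
    """Hypothetical single place where the preferred generator is configured."""
    _factory = OSRandom          # default used when nothing was picked

    @classmethod
    def pick(cls, factory):
        cls._factory = factory

    @classmethod
    def new_secure_random(cls):
        return cls._factory()

# Sample 160-bit modulus (secp160r1 field prime), standing in for DSA q.
Q = 2**160 - 2**31 - 1

def dsa_private_x(q, rng=None):
    """Draw x with 0 < x < q from the configured generator."""
    if rng is None:
        rng = RandomPicker.new_secure_random()
    nbits = q.bit_length()
    while True:
        # The bits come from the generator object. Asking the key builder
        # itself for them is the kind of slip the thread points out.
        x = rng.next_bits(nbits)
        if 0 < x < q:            # reject 0 and anything >= q, then redraw
            return x
```

Rejecting out-of-range draws, instead of reducing modulo `q`, keeps the distribution of `x` uniform over the valid range.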