Question

In a recent article about potential compromised random number generators, I learnt that /dev/random combines multiple sources of randomness:

"Torvalds argued in his mild outburst that the values from RdRand are combined with other sources of randomness, which would thwart any attempts to game the processor's output - but it's claimed that mix is trivial (involving just an exclusive OR) and can be circumvented by g-men." - Torvalds shoots down call to yank 'backdoored' Intel RdRand in Linux crypto

This quote suggests that XORing these sources is too simple for cryptographic purposes. My question therefore is what method is recommended for combining multiple sources of randomness?


Solution

Fortuna is a CSPRNG designed to work with multiple pools of input. It samples from the various inputs, mixes them internally, and then produces an output stream. It's a good method for combining multiple entropy sources.

On the topic of current events, Linux's approach isn't necessarily wrong. XORing two PRNG streams isn't a bad technique. There haven't been any good arguments as to why the existing approach is unsafe, just wild speculation.

Licensed under: CC-BY-SA with attribution