A new Dual EC DRBG flaw
Posted Jan 2, 2014 4:15 UTC (Thu) by eternaleye (subscriber, #67051)
DRBGs/PRNGs are used either when a) you don't have a hardware source of true randomness (generally either thermal, quantum, or radiological) b.) that hardware source generates randomness slower than you need (and so you want to expand it using something relatively fast) or c.) you want to pool randomness from multiple sources in a way that reduces the risks if one or more is compromised.
Linux's /dev/random and /dev/urandom are PRNGs that are seeded by hardware entropy sources; the BSDs generally use one based on the Yarrow construction from Schneier - both instances of c).
Stream ciphers are (essentially) PRNGs that you then XOR with your plaintext, a use case that _requires_ the same seed generate the same output (deterministic).
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds